On Mar 5, 2013, at 6:21 PM, Chris Grundemann wrote:

> On 3/3/13 5:23 PM, "Erik Kline" <[email protected]> wrote:
>
>>> Very good point Erik, thank you. We will certainly take that into
>>> consideration going forward. This is also why we are proposing a mix of
>>> two to three CER/ISP Edge determining characteristics (e.g. Including the
>>> CER_ID option as well as the /48 prefix check, etc.).
>>
>> Yeah, well about that: I don't see any discussion of the security of
>> this CER_ID option. If a hipnet device were operating in an
>> environment in which such a thing could be spoofed then it would be
>> trivial to punch open a hipnet network.
>>
>> Furthermore, it will be bad press when someone inevitably publishes an
>> article documenting that your ISP can punch open your hipnet network
>> if they so choose just by publishing a CER_ID to you. Really bad
>> press.
>>
>> Maybe this is discussed in the CER_ID doc and you intended to pull its
>> security considerations in by transitive closure, I don't know.
>
> Right, this is something that would be addressed in the CER_ID draft
> itself. While I don't doubt that spoofing or other malicious activity is
> possible, I am not sure I see how the possibility is any greater or more
> severe than it is today with existing DHCPv6 (and ND for that matter)
> messages. Are you simply saying that this is a possibility, or are you
> inferring that this option would introduce a more serious threat? Either
> way we should likely take this discussion off-list or onto the DHC list,
> since it is directly relevant to the CER_ID draft and only indirectly
> associated with the home network architecture more generally.

If Homenet is going to use the CER_ID, we need to agree on the use of it here. DHC is there largely to make sure it's formatted correctly and such, not "semantic content".

http://datatracker.ietf.org/wg/dhc/charter/:

"Generally speaking, the DHC WG will not be responsible for evaluating the semantic content of proposed options. Similarly, the ownership of specifications typically belongs the relevant working group that needs more functionality from DHCP, not the DHC WG. The DHC WG coordinates reviews of the proposed options together with those working groups. It is required that those working groups have consensus to take on the work and that the work is within their charter."

- Mark

>
> Thanks,
> ~Chris
>
> _______________________________________________
> homenet mailing list
> [email protected]
> https://www.ietf.org/mailman/listinfo/homenet
