draft-ietf-dhc-relay-server-security-04.txt   draft-ietf-dhc-relay-server-security-05.txt 
Network Working Group B. Volz Network Working Group B. Volz
Internet-Draft Cisco Systems Internet-Draft Cisco Systems
Intended status: Standards Track Y. Pal Intended status: Standards Track Y. Pal
Expires: September 30, 2017 Cisco Systems, Inc. Expires: October 21, 2017 Cisco Systems, Inc.
March 29, 2017 April 19, 2017
Security of Messages Exchanged Between Servers and Relay Agents Security of Messages Exchanged Between Servers and Relay Agents
draft-ietf-dhc-relay-server-security-04.txt draft-ietf-dhc-relay-server-security-05.txt
Abstract Abstract
The Dynamic Host Configuration Protocol for IPv4 (DHCPv4) has no The Dynamic Host Configuration Protocol for IPv4 (DHCPv4) has no
guidance for how to secure messages exchanged between servers and guidance for how to secure messages exchanged between servers and
relay agents. The Dynamic Host Configuration Protocol for IPv6 relay agents. The Dynamic Host Configuration Protocol for IPv6
(DHCPv6) states that IPsec should be used to secure messages (DHCPv6) states that IPsec should be used to secure messages
exchanged between servers and relay agents, but does not require exchanged between servers and relay agents, but does not require
encryption. And, with recent concerns about pervasive monitoring and encryption. And, with recent concerns about pervasive monitoring and
other attacks, it is appropriate to require securing relay to relay other attacks, it is appropriate to require securing relay to relay
skipping to change at page 1, line 39 skipping to change at page 1, line 39
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at http://datatracker.ietf.org/drafts/current/. Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on September 30, 2017. This Internet-Draft will expire on October 21, 2017.
Copyright Notice Copyright Notice
Copyright (c) 2017 IETF Trust and the persons identified as the Copyright (c) 2017 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of (http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
skipping to change at page 2, line 28 skipping to change at page 2, line 28
not be created outside the IETF Standards Process, except to format not be created outside the IETF Standards Process, except to format
it for publication as an RFC or to translate it into languages other it for publication as an RFC or to translate it into languages other
than English. than English.
Table of Contents Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2
2. Requirements Language and Terminology . . . . . . . . . . . . 3 2. Requirements Language and Terminology . . . . . . . . . . . . 3
3. Security of Messages Exchanged Between Servers and Relay 3. Security of Messages Exchanged Between Servers and Relay
Agents . . . . . . . . . . . . . . . . . . . . . . . . . . . 3 Agents . . . . . . . . . . . . . . . . . . . . . . . . . . . 3
4. Security Considerations . . . . . . . . . . . . . . . . . . . 4 4. Security Considerations . . . . . . . . . . . . . . . . . . . 5
5. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 5 5. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 5
6. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 5 6. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 6
7. References . . . . . . . . . . . . . . . . . . . . . . . . . 6 7. References . . . . . . . . . . . . . . . . . . . . . . . . . 6
7.1. Normative References . . . . . . . . . . . . . . . . . . 6 7.1. Normative References . . . . . . . . . . . . . . . . . . 6
7.2. Informative References . . . . . . . . . . . . . . . . . 6 7.2. Informative References . . . . . . . . . . . . . . . . . 6
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 7 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 8
1. Introduction 1. Introduction
The Dynamic Host Configuration Protocol for IPv4 (DHCPv4) [RFC2131] The Dynamic Host Configuration Protocol for IPv4 (DHCPv4) [RFC2131]
and [RFC1542] has no guidance for how to secure messages exchanged and [RFC1542] has no guidance for how to secure messages exchanged
between servers and relay agents. The Dynamic Host Configuration between servers and relay agents. The Dynamic Host Configuration
Protocol for IPv6 (DHCPv6) [RFC3315] states that IPsec should be used Protocol for IPv6 (DHCPv6) [RFC3315] states that IPsec should be used
to secure messages exchanged between servers and relay agents, but to secure messages exchanged between servers and relay agents, but
does not recommend encryption. And, with recent concerns about does not recommend encryption. And, with recent concerns about
pervasive monitoring [RFC7258], it is appropriate to require use of pervasive monitoring [RFC7258], it is appropriate to require use of
IPsec with encryption for relay to server communication for DHCPv4 IPsec with encryption for relay to server communication for DHCPv4
and require use of IPsec with encryption for relay to relay and relay and require use of IPsec with encryption for relay to relay and relay
to server communication for DHCPv6. to server communication for DHCPv6.
This document specifies the optional requirements for relay agent and
server implementations to support IPsec authentication and encryption
and recommends operators enable this IPsec support.
2. Requirements Language and Terminology 2. Requirements Language and Terminology
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in [RFC2119] when they document are to be interpreted as described in [RFC2119] when they
appear in ALL CAPS. When these words are not in ALL CAPS (such as appear in ALL CAPS. When these words are not in ALL CAPS (such as
"should" or "Should"), they have their usual English meanings, and "should" or "Should"), they have their usual English meanings, and
are not to be interpreted as [RFC2119] key words. are not to be interpreted as [RFC2119] key words.
This document uses terminology from [RFC1542], [RFC2131], and This document uses terminology from [RFC1542], [RFC2131], and
[RFC3315]. [RFC3315].
3. Security of Messages Exchanged Between Servers and Relay Agents 3. Security of Messages Exchanged Between Servers and Relay Agents
For DHCPv6 [RFC3315], this specification REQUIRES IPsec encryption of For DHCPv6 [RFC3315], this specification REQUIRES relay and server
relay to relay and relay to server communication and replaces the implementations to support IPsec encryption of relay to relay and
text in RFC3315 Section 21.1. relay to server communication as documented below (this replaces the
text in RFC3315 Section 21.1).
For DHCPv4 [RFC2131], this specification REQUIRES IPsec encryption of For DHCPv4 [RFC2131], this specification REQUIRES relay and server
relay to server communication. implementations to support IPsec encryption of relay to server
communication as documented below.
This specification RECOMMENDS that operators enable IPsec for this
communication.
By using IPsec with encryption for this communication, the By using IPsec with encryption for this communication, the
potentially sensitive client message and relay included information, potentially sensitive client message and relay included information,
such as the DHCPv4 relay-agent information option (82) [RFC3046], such as the DHCPv4 relay-agent information option (82) [RFC3046],
vendor-specific information (for example, [CableLabs-DHCP]), and vendor-specific information (for example, [CableLabs-DHCP]), and
Access-Network-Identifier Option(s) [RFC7839], are protected from Access-Network-Identifier Option(s) [RFC7839], are protected from
pervasive monitoring and other attacks. pervasive monitoring and other attacks.
Relay agents and servers MUST exchange messages securely using the Relay agents and servers MUST be able to exchange messages using the
IPsec mechanisms described in [RFC4301]. If a client message is IPsec mechanisms described in [RFC4301] and with the conditions
relayed through multiple relay agents (relay chain), each of the below. If a client message is relayed through multiple relay agents
relay agents MUST have an established independent, pairwise trust (relay chain), each of the relay agents MUST have an established
relationships. That is, if messages from client C will be relayed by independent, pairwise trust relationships. That is, if messages from
relay agent A to relay agent B and then to the server, relay agents A client C will be relayed by relay agent A to relay agent B and then
and B MUST be configured to use IPsec for the messages they exchange, to the server, relay agents A and B MUST be configured to use IPsec
and relay agent B and the server MUST be configured to use IPsec for for the messages they exchange, and relay agent B and the server MUST
the messages they exchange. be configured to use IPsec for the messages they exchange.
Relay agents and servers use IPsec with the following conditions:
Selectors Relay agents are manually configured with the Selectors Relay agents are manually configured with the
addresses of the relay agent or server to addresses of the relay agent or server to
which DHCP messages are to be forwarded. which DHCP messages are to be forwarded.
Each relay agent and server that will be Each relay agent and server that will be
using IPsec for securing DHCP messages MUST using IPsec for securing DHCP messages MUST
also be configured with a list of the relay also be configured with a list of the relay
agents to which messages will be returned. agents to which messages will be returned.
The selectors for the relay agents and The selectors for the relay agents and
servers will be the pairs of addresses servers will be the pairs of addresses
defining relay agents and servers and the defining relay agents and servers and the
direction of DHCP message exchange on DHCPv4 direction of DHCP message exchange on DHCPv4
UDP port 67 or DHCPv6 UDP port 547. UDP port 67 or DHCPv6 UDP port 547.
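Review bot: In Section 3, the relay-chain sentences still say that relay agents A and B, and relay agent B and the server, "MUST be configured to use IPsec", which is a deployment mandate and conflicts with the new text that only REQUIRES implementations to support IPsec and RECOMMENDS that operators enable it. Suggest scoping those sentences to the case where IPsec is enabled for the relay chain, so the MUST applies to how it is configured rather than to whether it is deployed. The same mismatch shows in the Introduction, where the added paragraph speaks of "optional requirements" while the unchanged sentence before it still says "it is appropriate to require use of IPsec with encryption"; one of the two needs rewording. "REQUIRES" and "RECOMMENDS" are capitalized like key words but are not in the list quoted in Section 2, so "MUST support" and "it is RECOMMENDED that operators enable" would be unambiguous. Minor: "an established independent, pairwise trust relationships" mixes singular and plural, and "with the conditions below" now duplicates the added lead-in "Relay agents and servers use IPsec with the following conditions:".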
 End of changes. 11 change blocks. 
21 lines changed or deleted 33 lines changed or added

This html diff was produced by rfcdiff 1.45. The latest version is available from http://tools.ietf.org/tools/rfcdiff/