Re: Security Architecture for DHCP
bound@zk3.dec.com Mon, 21 April 1997 16:59 UTC
Received: from cnri by ietf.org id aa17418; 21 Apr 97 12:59 EDT
Received: from marge.bucknell.edu by CNRI.Reston.VA.US id aa28271; 21 Apr 97 12:59 EDT
Received: from reef.bucknell.edu by mail.bucknell.edu; (5.65v3.2/1.1.8.2/17Jul96-0109PM) id AA11627; Mon, 21 Apr 1997 12:53:37 -0400
Date: Mon, 21 Apr 1997 12:53:37 -0400
Message-Id: <9704211525.AA20515@wasted.zk3.dec.com>
Errors-To: droms@bucknell.edu
Reply-To: dhcp-v4@bucknell.edu
Originator: dhcp-v4@bucknell.edu
Sender: dhcp-v4@bucknell.edu
Precedence: bulk
From: bound@zk3.dec.com
To: Multiple recipients of list <dhcp-v4@bucknell.edu>
Subject: Re: Security Architecture for DHCP
X-Listprocessor-Version: 6.0c -- ListProcessor by Anastasios Kotsikonas
X-Comment: Discussion of DHCP for IPv4
Ted, >Jim, there is some disagreement as to whether public key, by itself, >will be a good choice for the DHCP authentication protocol. The >reason is that public key signatures are fairly expensive to compute, >and since we have to do it for every packet, this limits the number of >transactions per second that a general purpose computer is likely to >be able to support. This gets to be a big problem on Monday morning >at 9:00 AM when 10,000 or more nodes try to boot at once. The expense is only at set up not during processing. Your also assuming all nodes are booting monday morning and I don't believe that assumption is valid in all cases. The cost of all nodes booting has many issues besides security. I consider this argument a red herring. >My personal belief is that private, shared secrets should be used in >the default case, with public key as a fallback for cases where the >server and the client are not yet known to each other. I don't agree with you. Having the client and server learn a key and and distributing them is less secure than public key using private keys a the client and server. I also believe key recovery is easier with public key. >Did you by any chance have a chance to read the message I posted last >week on what I thought the requirements for DHCP authentication were? Yes and I just read it again. I am giving Olafur my input. Right now it is just input just like yours. Also your mail (which I just read again) focuses too much on DHCPv4 and not enough on the problem and choice for client/server issues which I would like to see addressed first in the WG before we nail down solutions. I think Olafur's draft heads us in that direction. But ignoring DHCPv6 or IPv6 is not wise. I don't think this is an either/or situtation customers will want a choice here and to force symetric algorithms and strategy on them as the only solution IMO is not a good idea and I don't support that idea. /jim _MelloN_
- Security Architecture for DHCP bound
- Re: Security Architecture for DHCP Ted Lemon
- Re: Security Architecture for DHCP bound
- Re: Security Architecture for DHCP bound
- Re: Security Architecture for DHCP Ted Lemon
- Re: Security Architecture for DHCP Olafur Gudmundsson
- Re: Security Architecture for DHCP bound