Re: [dhcwg] draft-bi-dhc-sec-option

Ted Lemon <Ted.Lemon@nominum.com> Tue, 27 March 2012 15:19 UTC

To: Alper Yegin <alper.yegin@yegin.org>, dhc WG <dhcwg@ietf.org>

> RFC 3118 is not used. Sending security parameters over DHCP needs consideration.

Yes, we have pretty much given up on providing information like this in DHCP. It doesn't make any sense to do so, because DHCP does not operate in controlled administrative domains. Even if you authenticate the DHCP server, you still can't trust it to tell you what PKI server to talk to.