Re: [dhcwg] Security for leasequery messages

Ted Lemon <mellon@fugue.com> Sat, 10 April 2004 03:59 UTC

In-Reply-To: <4076DEDF.8020004@cisco.com>
References: <002d01c41e4d$2fab5850$6401a8c0@amer.cisco.com> <4076DEDF.8020004@cisco.com>
Cc: 'Kim Kinnear' <kkinnear@cisco.com>, 'Ralph Droms' <rdroms@cisco.com>, Bernie Volz <volz@cisco.com>, dhcwg@ietf.org
From: Ted Lemon <mellon@fugue.com>
Subject: Re: [dhcwg] Security for leasequery messages
Date: Fri, 09 Apr 2004 20:52:52 -0700
To: Josh Littlefield <joshl@cisco.com>

On Apr 9, 2004, at 10:35 AM, Josh Littlefield wrote:
> Wouldn't another approach be to use RFC 3118?  In this case, we aren't 
> talking about relayed messages, we're talking about directed messages 
> from a relay/access concentrator to the server (and back), with 
> non-zero giaddr.  Seems to me there's no reason RFC 3118 couldn't 
> secure these messages based on shared secret.

That's a good point - RFC3118 is actually a credible answer to the 
problem of securing server<->concentrator communication, because in 
most cases it is not a problem to use one or only a few shared keys in 
this context, where it's completely lame to do so in the context of a 
large set of DHCP end-users.
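The exchange above is about reusing RFC 3118 delayed authentication (DHCP option 90, HMAC-MD5 keyed by a shared secret) on the directed concentrator-to-server path. The following is an added illustration, not code from this thread or from any DHCP implementation: it builds a constructed DHCP message with a non-zero giaddr, appends option 90, computes the MAC the way RFC 3118 specifies (hops, giaddr and the MAC field itself are zeroed for the computation, because relay agents rewrite the first two), and then shows the server-side checks: secret-ID lookup, constant-time MAC comparison and replay-counter enforcement. The secret, secret ID, counter value and packet contents are all constructed for the example. One consequence worth seeing in the code is that the non-zero giaddr mentioned above is not itself covered by the MAC; what ties the message to a particular concentrator is the secret ID and the key behind it.

```python
import hashlib
import hmac
import struct

# Constructed for this example: the few shared secrets a server holds for its
# relays/access concentrators, indexed by the 4-byte RFC 3118 "secret ID".
SECRETS = {0x00000001: b"example-concentrator-secret-not-for-real-use"}

OPT_AUTH = 90          # RFC 3118 authentication option code
PROTO_DELAYED = 1      # delayed authentication protocol
ALG_HMAC_MD5 = 1       # algorithm 1 = HMAC-MD5
RDM_COUNTER = 0        # RDM 0 = monotonically increasing counter
AUTH_LEN = 31          # proto(1) alg(1) rdm(1) replay(8) secret id(4) mac(16)
MAGIC_COOKIE = b"\x63\x82\x53\x63"
OPTIONS_OFFSET = 236 + 4   # fixed BOOTP header + magic cookie


def build_header(giaddr, hops=1, xid=0x12345678):
    """Minimal 236-byte BOOTP/DHCP fixed header (BOOTREQUEST, Ethernet hw type)."""
    chaddr = bytes.fromhex("001122334455") + bytes(10)  # constructed MAC address
    return struct.pack("!BBBBIHH4s4s4s4s16s64s128s",
                       1, 1, 6, hops, xid, 0, 0x8000,
                       bytes(4), bytes(4), bytes(4), giaddr,
                       chaddr, bytes(64), bytes(128))


def _mac_input(msg, auth_off):
    """Copy of the message with hops, giaddr and the HMAC-MD5 field zeroed (RFC 3118 5.2)."""
    m = bytearray(msg)
    m[3] = 0                                       # hops: rewritten by relays
    m[24:28] = bytes(4)                            # giaddr: rewritten by relays
    m[auth_off + 17:auth_off + 33] = bytes(16)     # the MAC field itself
    return bytes(m)


def find_option(msg, code):
    """Offset of the first option with `code` in the options area, or None."""
    i = OPTIONS_OFFSET
    while i < len(msg):
        c = msg[i]
        if c == 0:          # pad
            i += 1
            continue
        if c == 255:        # end
            return None
        if c == code:
            return i
        i += 2 + msg[i + 1]
    return None


def sign_message(header, options, secret_id, counter):
    """Append option 90 with a zero MAC, then fill in HMAC-MD5 over the zeroed message."""
    auth = struct.pack("!BBBBBQI16s", OPT_AUTH, AUTH_LEN, PROTO_DELAYED,
                       ALG_HMAC_MD5, RDM_COUNTER, counter, secret_id, bytes(16))
    body = header + MAGIC_COOKIE + options + auth + b"\xff"
    auth_off = len(header) + 4 + len(options)
    mac = hmac.new(SECRETS[secret_id], _mac_input(body, auth_off), hashlib.md5).digest()
    m = bytearray(body)
    m[auth_off + 17:auth_off + 33] = mac
    return bytes(m)


def verify_message(msg, last_counter):
    """Server-side check. Returns (accepted, reason, updated replay counter)."""
    off = find_option(msg, OPT_AUTH)
    if off is None:
        return False, "no authentication option", last_counter
    _, length, proto, alg, rdm, counter, secret_id, mac = struct.unpack_from(
        "!BBBBBQI16s", msg, off)
    if (length, proto, alg, rdm) != (AUTH_LEN, PROTO_DELAYED, ALG_HMAC_MD5, RDM_COUNTER):
        return False, "unsupported authentication parameters", last_counter
    secret = SECRETS.get(secret_id)
    if secret is None:
        return False, "unknown secret ID", last_counter
    expected = hmac.new(secret, _mac_input(msg, off), hashlib.md5).digest()
    if not hmac.compare_digest(expected, mac):
        return False, "bad MAC", last_counter
    if counter <= last_counter:              # replay detection, RDM 0
        return False, "replayed message", last_counter
    return True, "ok", counter


def demo():
    """Sign one constructed DHCPLEASEQUERY-style message and exercise the checks."""
    header = build_header(giaddr=bytes([10, 0, 0, 1]), hops=1)
    options = bytes([53, 1, 10])             # option 53, message type 10 (DHCPLEASEQUERY)
    signed = sign_message(header, options, secret_id=1, counter=1000)

    accepted, _, state = verify_message(signed, last_counter=0)
    tampered = bytearray(signed)
    tampered[OPTIONS_OFFSET + 2] ^= 1        # flip the message-type byte
    _, tamper_reason, _ = verify_message(bytes(tampered), last_counter=0)
    _, replay_reason, _ = verify_message(signed, last_counter=state)

    # A relay changing hops/giaddr does not invalidate the MAC: those fields are excluded.
    rewritten = bytearray(signed)
    rewritten[3] = 2
    rewritten[24:28] = bytes([192, 0, 2, 1])
    relay_ok, _, _ = verify_message(bytes(rewritten), last_counter=0)
    return {"valid": accepted, "tampered": tamper_reason,
            "replayed": replay_reason, "relay_rewritten": relay_ok}


if __name__ == "__main__":
    print(demo())
```

The replay counter is kept per secret ID in a real server; here a single value is threaded through the calls to keep the example short. Because giaddr is outside the MAC, a server that uses leasequery responses to drive access control should key its trust on the secret ID that verified, not on the giaddr the message claims.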

