Re: [dhcwg] status of draft-ietf-dhc-agent-subnet-selection

Thomas Narten <narten@us.ibm.com> Wed, 09 October 2002 19:48 UTC

Message-Id: <200210091945.g99Jj4I32387@rotala.raleigh.ibm.com>
To: Mark Stapp <mjs@cisco.com>
cc: dhcwg@ietf.org
Subject: Re: [dhcwg] status of draft-ietf-dhc-agent-subnet-selection
In-Reply-To: Message from Mark Stapp <mjs@cisco.com> of "Wed, 09 Oct 2002 15:29:46 EDT." <4.3.2.7.2.20021009151714.01a1ccc8@goblet.cisco.com>
Date: Wed, 09 Oct 2002 15:45:04 -0400
From: Thomas Narten <narten@us.ibm.com>

Mark Stapp <mjs@cisco.com> writes:

> I had thought that the progressing relay-agent-authentication draft was the 
> response to Thomas's issue.

You mean draft-ietf-dhc-auth-suboption-00.txt? That would seem to be a
good step!

But I think the IESG also has asked for a recharter and a more
general plan for dealing with DHC security.

I also agree with Mark that using IPsec, while possible, isn't
necessarily the obvious answer. I think a very real question is
whether one could get IPsec deployed on the relay agent devices where
its usage is actually needed most.

Note also that IPsec (without IKE) might be adequate too. Manual
keying may well be workable given the trust relationship between DHC
servers and relay agents.

Thomas