Re: [dhcwg] IPsec for DHCPv6 client ?

Jean-Mickael Guerin <jean-mickael.guerin@6wind.com> Tue, 10 September 2002 07:42 UTC

Message-ID: <3D7DA193.8030906@6wind.com>
Date: Tue, 10 Sep 2002 09:38:59 +0200
From: Jean-Mickael Guerin <jean-mickael.guerin@6wind.com>
To: dhcwg@ietf.org
Subject: Re: [dhcwg] IPsec for DHCPv6 client ?
References: <37E52D8A-C454-11D6-8C0A-00039367340A@nominum.com>


Ted Lemon wrote:

>> Why is it not proposed to use IPsec to secure communications between 
>> clients and servers with some restrictions, i.e. installation of 
>> static keys as a shared secret, in intra-domain?
>
>
> Because in general we don't expect that such a security association 
> would exist.   In general, you are plugging a device into the network, 
> and you want it to work - you don't want to have to configure it 
> before you plug it in.   If you wanted that, you wouldn't be using 
> DHCP, right?   The only plausible exception I can come up with is a 
> cell phone, where perhaps the provider would install an IPsec key in 
> the phone.   But even then, I'm skeptical that it could be made to 
> work the way you describe.
>
My point concerns the possibility of using IPsec in scenarios where DHCP 
Authentication is proposed. Because DHCP Authentication relies on a shared 
secret, I think the draft should have a section about this, even if it 
would be limited to client and relays or client and server on the same link.

Jean-Mickael
