RE: [dhcwg] IESG feedback on draft-ietf-dhc-concat-01.txt

"Bernie Volz (EUD)" <Bernie.Volz@am1.ericsson.se> Fri, 01 February 2002 18:53 UTC

Received: from optimus.ietf.org (ietf.org [132.151.1.19] (may be forged)) by ietf.org (8.9.1a/8.9.1a) with ESMTP id NAA07843 for <dhcwg-archive@odin.ietf.org>; Fri, 1 Feb 2002 13:53:21 -0500 (EST)
Received: (from daemon@localhost) by optimus.ietf.org (8.9.1a/8.9.1) id NAA03473 for dhcwg-archive@odin.ietf.org; Fri, 1 Feb 2002 13:53:25 -0500 (EST)
Received: from optimus.ietf.org (localhost [127.0.0.1]) by optimus.ietf.org (8.9.1a/8.9.1) with ESMTP id NAA02901; Fri, 1 Feb 2002 13:36:41 -0500 (EST)
Received: from ietf.org (odin [132.151.1.176]) by optimus.ietf.org (8.9.1a/8.9.1) with ESMTP id NAA02877 for <dhcwg@optimus.ietf.org>; Fri, 1 Feb 2002 13:36:39 -0500 (EST)
Received: from imr2.ericy.com (imr2.ericy.com [198.24.6.3]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id NAA07051 for <dhcwg@ietf.org>; Fri, 1 Feb 2002 13:36:35 -0500 (EST)
Received: from mr6.exu.ericsson.se (mr6att.ericy.com [138.85.224.157]) by imr2.ericy.com (8.11.3/8.11.3) with ESMTP id g11Ia8S09484 for <dhcwg@ietf.org>; Fri, 1 Feb 2002 12:36:08 -0600 (CST)
Received: from eamrcnt749 (eamrcnt749.exu.ericsson.se [138.85.133.47]) by mr6.exu.ericsson.se (8.11.3/8.11.3) with SMTP id g11Ia8O21809 for <dhcwg@ietf.org>; Fri, 1 Feb 2002 12:36:08 -0600 (CST)
Received: FROM eamrcnt760.exu.ericsson.se BY eamrcnt749 ; Fri Feb 01 12:36:07 2002 -0600
Received: by eamrcnt760.exu.ericsson.se with Internet Mail Service (5.5.2653.19) id <ZQBLR98Y>; Fri, 1 Feb 2002 12:36:07 -0600
Message-ID: <66F66129A77AD411B76200508B65AC69B4CE79@EAMBUNT705>
From: "Bernie Volz (EUD)" <Bernie.Volz@am1.ericsson.se>
To: "'Thomas Narten'" <narten@us.ibm.com>, Ted Lemon <mellon@nominum.com>
Cc: dhcwg@ietf.org
Subject: RE: [dhcwg] IESG feedback on draft-ietf-dhc-concat-01.txt
Date: Fri, 1 Feb 2002 12:36:06 -0600
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2653.19)
Content-Type: multipart/alternative; boundary="----_=_NextPart_001_01C1AB4F.4F351710"
Sender: dhcwg-admin@ietf.org
Errors-To: dhcwg-admin@ietf.org
X-Mailman-Version: 1.0
Precedence: bulk
List-Id: <dhcwg.ietf.org>
X-BeenThere: dhcwg@ietf.org

>there has been some private
>discussion that what would be useful to have is a DHC authentication
>mechanism that can use certificates, and that only authenticates the
>server to the client.

Sounds good to me. Isn't this something that 3118 supports since the server
can just send back an Authentication Option with this information? We might
need to define a new authentication type.

RE CSR draft, yes, I had assumed we would not require Auth. Just mention its
existence and suggest those concerned with security issues use it.


-----Original Message-----
From: Thomas Narten [mailto:narten@us.ibm.com]
Sent: Friday, February 01, 2002 12:32 PM
To: Ted Lemon
Cc: dhcwg@ietf.org
Subject: Re: [dhcwg] IESG feedback on draft-ietf-dhc-concat-01.txt 



> I would like to avoid having these two drafts require the implementation of 
> RFC3118, since RFC3118 by itself isn't very deployable.

Plus, has anyone even implemented it yet? Please?

On the point of 3118 deployability, there has been some private
discussion that what would be useful to have is a DHC authentication
mechanism that can use certificates, and that only authenticates the
server to the client. This would seem to be a useful deployment
scenario. Thoughts?

Also, note that the final wording in draft-aboba-dhc-domsearch-09.txt
on this point didn't require the use of 3118, but did point out its
existance. That made it through the IESG (but it also prompted the
above discussion about the desirability of a more useful/deployable
authentication mechanism).

Thomas


_______________________________________________
dhcwg mailing list
dhcwg@ietf.org
https://www1.ietf.org/mailman/listinfo/dhcwg