Re: [dhcwg] Use of IPsec between relay agents and servers

Ralph Meyer <rme@hycomat.co.uk> Thu, 20 September 2001 08:20 UTC

Subject: Re: [dhcwg] Use of IPsec between relay agents and servers
To: dhcwg@ietf.org
Date: Thu, 20 Sep 2001 06:59:38 +0000 (UTC)
In-Reply-To: <4.3.2.7.2.20010919171918.03b9b840@funnel.cisco.com> from "Ralph Droms" at Sep 19, 2001 05:21:22 PM
X-Mailer: ELM [version 2.5 PL3]
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Message-Id: <E15jxoA-0008Nk-00@mail.hycomat.co.uk>
From: Ralph Meyer <rme@hycomat.co.uk>

Why not remove relay agents altogether, as proposed in
"draft-prigent-dhcpv6-threats-00.txt" (section 4),
with a site-local prefix that can only be used
to reach the DHCP server? This prefix can be predefined
or advertised over RAs.

Ralph M.


> 
> I'm about to add the text to specify the use of IPsec between relay agents 
> and servers in DHCPv6.  Any security experts out there want to volunteer to 
> devise and write up a standard mechanism; or, shall I just specify the use 
> of IPsec and reference RFC 2401?
> 
> - Ralph
> 
> 
> _______________________________________________
> dhcwg mailing list
> dhcwg@ietf.org
> http://www1.ietf.org/mailman/listinfo/dhcwg
> 

