Re: [dhcwg] Reg RFC6704 (Forcerenew Nonce Authentication)

Ted Lemon <Ted.Lemon@nominum.com> Tue, 11 September 2012 12:05 UTC

From: Ted Lemon <Ted.Lemon@nominum.com>
To: "Gaurav Halwasia (ghalwasi)" <ghalwasi@cisco.com>
Thread-Topic: [dhcwg] Reg RFC6704 (Forcerenew Nonce Authentication)
Thread-Index: Ac2PQ7WbKpbVbNLxRMad4YyhUAitEwBDKVEA
Date: Tue, 11 Sep 2012 12:05:03 +0000
Message-ID: <9902D1B3-D5B6-4AE0-BA6A-B83F06074FAD@nominum.com>
References: <90903C21C73202418A48BFBE80AEE5EB103AF9@xmb-aln-x06.cisco.com>
In-Reply-To: <90903C21C73202418A48BFBE80AEE5EB103AF9@xmb-aln-x06.cisco.com>
Cc: "dhcwg@ietf.org" <dhcwg@ietf.org>
Subject: Re: [dhcwg] Reg RFC6704 (Forcerenew Nonce Authentication)

On Sep 10, 2012, at 7:02 AM, "Gaurav Halwasia (ghalwasi)" <ghalwasi@cisco.com> wrote:
> Is there any deliberate reason why we have not talked about and included the INFORM call flow? Well, I don’t think this is deliberate, and in my opinion Forcerenew Nonce Authentication should be applicable to the INFORM-ACK call flow as well. Including INFORM-ACK is important. I’d appreciate it if you could share your thoughts on this.

In general we don't expect DHCP servers to keep track of clients that do information requests—to do so would require a great deal more effort on the part of the DHCP server. Consequently, there's no client record on which to store the nonce, and the DHCP server doesn't know to send the client a FORCERENEW.
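The state dependency Ted describes can be made concrete with a small model. The following is an added illustration, not code from this thread, from RFC 6704 or from any DHCP implementation: a toy server keeps a lease record (with its nonce) only for clients that went through DISCOVER/REQUEST, answers INFORM statelessly, and can therefore authenticate a FORCERENEW only toward clients it has a record for. It assumes, as RFC 6704 specifies, a 128-bit nonce delivered in the DHCPACK and HMAC-MD5 keyed by that nonce over the FORCERENEW; the option wire encoding, the message layout (`b"FORCERENEW" + client_id`), the lease keying by client identifier and the sample client identifiers and addresses are my own simplifications and constructed values.

```python
"""Toy model of RFC 6704 Forcerenew Nonce Authentication server/client state.

Added example, not code from the dhcwg thread or any DHCP implementation.
Assumptions (mine): leases keyed by client identifier, 128-bit nonce issued in
the DHCPACK that grants a lease, HMAC-MD5 keyed by the nonce over a simplified
message body; real option encoding is deliberately omitted.
"""
import hashlib
import hmac
import os
from dataclasses import dataclass
from typing import Dict, Optional

NONCE_LEN = 16  # 128-bit Forcerenew nonce (RFC 6704)


@dataclass
class Lease:
    client_id: bytes
    address: str
    nonce: bytes  # stored with the lease; there is no other place for it


class Server:
    def __init__(self) -> None:
        self.leases: Dict[bytes, Lease] = {}

    def handle_request(self, client_id: bytes, address: str) -> dict:
        # DISCOVER/REQUEST creates a client record; the nonce lives on it.
        nonce = os.urandom(NONCE_LEN)
        self.leases[client_id] = Lease(client_id, address, nonce)
        return {"type": "ACK", "address": address, "nonce": nonce}

    def handle_inform(self, client_id: bytes) -> dict:
        # INFORM is answered statelessly: configuration only, no record kept,
        # so there is no lease to attach a nonce to.
        return {"type": "ACK", "nonce": None}

    def forcerenew(self, client_id: bytes) -> Optional[dict]:
        # The server only knows how to reach, and key a MAC for, clients it
        # has a record of.  Unknown client -> no nonce -> no FORCERENEW.
        lease = self.leases.get(client_id)
        if lease is None:
            return None
        body = b"FORCERENEW" + client_id  # simplified message body (assumption)
        mac = hmac.new(lease.nonce, body, hashlib.md5).digest()
        return {"type": "FORCERENEW", "body": body, "mac": mac}


class Client:
    def __init__(self, client_id: bytes) -> None:
        self.client_id = client_id
        self.nonce: Optional[bytes] = None

    def accept_ack(self, ack: dict) -> None:
        if ack.get("nonce") is not None:
            self.nonce = ack["nonce"]

    def verify_forcerenew(self, msg: dict) -> bool:
        # Without a nonce the client has no key, so it must discard the message.
        if self.nonce is None:
            return False
        expected = hmac.new(self.nonce, msg["body"], hashlib.md5).digest()
        return hmac.compare_digest(expected, msg["mac"])


def scenario_request() -> bool:
    """Full lease: nonce issued, authenticated FORCERENEW accepted."""
    server, client = Server(), Client(b"client-A")
    client.accept_ack(server.handle_request(b"client-A", "192.0.2.10"))
    msg = server.forcerenew(b"client-A")
    return msg is not None and client.verify_forcerenew(msg)


def scenario_inform() -> bool:
    """INFORM only: no record on the server, no nonce on the client."""
    server, client = Server(), Client(b"client-B")
    client.accept_ack(server.handle_inform(b"client-B"))
    return server.forcerenew(b"client-B") is None and client.nonce is None


def scenario_unauthenticated() -> bool:
    """A FORCERENEW whose MAC was not keyed by the client's nonce is rejected."""
    server, client = Server(), Client(b"client-A")
    client.accept_ack(server.handle_request(b"client-A", "192.0.2.10"))
    bogus = {"type": "FORCERENEW", "body": b"FORCERENEW" + b"client-A", "mac": bytes(16)}
    return not client.verify_forcerenew(bogus)


if __name__ == "__main__":
    print("lease client accepts authenticated FORCERENEW:", scenario_request())
    print("INFORM-only client has no nonce and gets none:", scenario_inform())
    print("unauthenticated FORCERENEW rejected:", scenario_unauthenticated())
```

The second scenario is the point of the reply: supporting INFORM would require the server to create and retain a record for every INFORM client purely to hold a nonce, which is the extra effort the message refers to.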