Re: [dhcwg] FW: RFC3315 question
"David W. Hankins" <David_Hankins@isc.org> Mon, 19 February 2007 23:09 UTC
Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1HJHdE-0004CG-Cy; Mon, 19 Feb 2007 18:09:16 -0500
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1HJHdD-0004Av-NA for dhcwg@ietf.org; Mon, 19 Feb 2007 18:09:15 -0500
Received: from goliath.isc.org ([2001:4f8:3:bb::72]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1HJHdA-0004xj-7w for dhcwg@ietf.org; Mon, 19 Feb 2007 18:09:15 -0500
Received: by goliath.isc.org (Postfix, from userid 10200) id 2DB1D5A6ED; Mon, 19 Feb 2007 15:08:51 -0800 (PST)
Date: Mon, 19 Feb 2007 15:08:51 -0800
From: "David W. Hankins" <David_Hankins@isc.org>
To: dhcwg@ietf.org
Subject: Re: [dhcwg] FW: RFC3315 question
Message-ID: <20070219230851.GD2628@isc.org>
References: <C1FB91F4.3AB2D%rdroms@cisco.com> <8E296595B6471A4689555D5D725EBB2103467C67@xmb-rtp-20a.amer.cisco.com> <39C363776A4E8C4A94691D2BD9D1C9A1017746F5@XCH-NW-7V2.nw.nos.boeing.com>
Mime-Version: 1.0
In-Reply-To: <39C363776A4E8C4A94691D2BD9D1C9A1017746F5@XCH-NW-7V2.nw.nos.boeing.com>
User-Agent: Mutt/1.5.9i
X-Spam-Score: -2.8 (--)
X-Scan-Signature: e8a67952aa972b528dd04570d58ad8fe
X-BeenThere: dhcwg@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: dhcwg.ietf.org
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/dhcwg>, <mailto:dhcwg-request@ietf.org?subject=unsubscribe>
List-Post: <mailto:dhcwg@ietf.org>
List-Help: <mailto:dhcwg-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/dhcwg>, <mailto:dhcwg-request@ietf.org?subject=subscribe>
Content-Type: multipart/mixed; boundary="===============0566098214=="
Errors-To: dhcwg-bounces@ietf.org
On Sat, Feb 17, 2007 at 11:38:12AM -0800, Templin, Fred L wrote: > In particular, it might be useful to define > a new DUID type that includes a client's public key such as > required by RFC3972. The actual format of the DUID type is for > further study, e.g., in addition to the public key it might be > desireable to include a link-layer address, a timestamp, etc. I think it's a fantastic idea. If servers and clients could identify themselves with a public key, then we could exchange greater varieties of configuration information (which may require encryption) over an encapsulated option. The trust model for such exchanges would need some careful thought, but on first inspection I see no reason why the SSH model can't be adopted here (ask the operator, then cache the key with link layer hints). I've long wanted to experiment with public keys in DHCPv4 authentication...due to the size limitations in DHCPv4 payloads, that's sent me down some ratholes I have vague notions for, but nothing (yet) I wish to expose to the scrutiny of public review. Since DHCPv4 now defines RFC3315 DUID's as client-identifier contents (with the IAID prepended), I think there's a great deal of good that could come from defining a method to transport unique indexes to public keys, rather than the keys themselves, in the DUID so that we could leverage the same mechanism for both protocols (by writing a draft that lifts the DHCPv4 server restriction that client identifiers be opaque). I think there are some non-trivial challenges here, but any effort down this path is worth our learning something from it. -- ISC Training! http://www.isc.org/training/ training@isc.org Washington DC area, April 16-20 2007. DNS & BIND, DDNS & DHCP. -- David W. Hankins "If you don't do it right the first time, Software Engineer you'll just have to do it again." Internet Systems Consortium, Inc. -- Jack T. Hankins
_______________________________________________ dhcwg mailing list dhcwg@ietf.org https://www1.ietf.org/mailman/listinfo/dhcwg
- [dhcwg] FW: RFC3315 question Ralph Droms
- Re: [dhcwg] FW: RFC3315 question Shane Kerr
- RE: [dhcwg] FW: RFC3315 question Bernie Volz (volz)
- RE: [dhcwg] FW: RFC3315 question Templin, Fred L
- RE: [dhcwg] FW: RFC3315 question Bernie Volz (volz)
- Re: [dhcwg] FW: RFC3315 question Ted Lemon
- RE: [dhcwg] FW: RFC3315 question Bernie Volz (volz)
- Re: [dhcwg] FW: RFC3315 question Ted Lemon
- Re: [dhcwg] FW: RFC3315 question Markus Stenberg
- Re: [dhcwg] FW: RFC3315 question David W. Hankins
- Re: [dhcwg] FW: RFC3315 question Ralph Droms
- RE: [dhcwg] FW: RFC3315 question Bernie Volz (volz)
- Re: [dhcwg] FW: RFC3315 question Ted Lemon