Re: [dhcwg] status of draft-ietf-dhc-agent-subnet-selection

Ted Lemon <Ted.Lemon@nominum.com> Tue, 08 October 2002 19:02 UTC

Received: from www1.ietf.org (ietf.org [132.151.1.19] (may be forged)) by ietf.org (8.9.1a/8.9.1a) with ESMTP id PAA26738 for <dhcwg-archive@odin.ietf.org>; Tue, 8 Oct 2002 15:02:52 -0400 (EDT)
Received: (from mailnull@localhost) by www1.ietf.org (8.11.6/8.11.6) id g98J4Ws23825 for dhcwg-archive@odin.ietf.org; Tue, 8 Oct 2002 15:04:32 -0400
Received: from ietf.org (odin.ietf.org [132.151.1.176]) by www1.ietf.org (8.11.6/8.11.6) with ESMTP id g98J4Wv23822 for <dhcwg-web-archive@optimus.ietf.org>; Tue, 8 Oct 2002 15:04:32 -0400
Received: from www1.ietf.org (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id PAA26727 for <dhcwg-web-archive@ietf.org>; Tue, 8 Oct 2002 15:02:21 -0400 (EDT)
Received: from www1.ietf.org (localhost.localdomain [127.0.0.1]) by www1.ietf.org (8.11.6/8.11.6) with ESMTP id g98J2Nv23669; Tue, 8 Oct 2002 15:02:24 -0400
Received: from ietf.org (odin.ietf.org [132.151.1.176]) by www1.ietf.org (8.11.6/8.11.6) with ESMTP id g98IxWv23491 for <dhcwg@optimus.ietf.org>; Tue, 8 Oct 2002 14:59:32 -0400
Received: from toccata.fugue.com (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id OAA26294 for <dhcwg@ietf.org>; Tue, 8 Oct 2002 14:57:21 -0400 (EDT)
Received: from nominum.com (dsl-64-193-175-153.telocity.com [64.193.175.153]) by toccata.fugue.com (8.11.6/8.6.11) with ESMTP id g98ImE202361; Tue, 8 Oct 2002 13:48:14 -0500 (CDT)
Date: Tue, 8 Oct 2002 13:59:08 -0500
Subject: Re: [dhcwg] status of draft-ietf-dhc-agent-subnet-selection
Content-Type: text/plain; charset=US-ASCII; format=flowed
Mime-Version: 1.0 (Apple Message framework v546)
Cc: "'Thomas Narten'" <narten@us.ibm.com>, Kim Kinnear <kkinnear@cisco.com>, rdroms@cisco.com, dhcwg@ietf.org
To: "Bernie Volz (EUD)" <Bernie.Volz@am1.ericsson.se>
From: Ted Lemon <Ted.Lemon@nominum.com>
In-Reply-To: <F9211EC7A7FED4119FD9005004A6C8700AAD90C4@eamrcnt723.exu.ericsson.se>
Message-Id: <061142C8-DAF0-11D6-A9B4-00039367340A@nominum.com>
Content-Transfer-Encoding: 7bit
X-Mailer: Apple Mail (2.546)
Content-Transfer-Encoding: 7bit
Sender: dhcwg-admin@ietf.org
Errors-To: dhcwg-admin@ietf.org
X-BeenThere: dhcwg@ietf.org
X-Mailman-Version: 2.0.12
Precedence: bulk
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/dhcwg>, <mailto:dhcwg-request@ietf.org?subject=unsubscribe>
List-Id: <dhcwg.ietf.org>
List-Post: <mailto:dhcwg@ietf.org>
List-Help: <mailto:dhcwg-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/dhcwg>, <mailto:dhcwg-request@ietf.org?subject=subscribe>
Content-Transfer-Encoding: 7bit
Content-Transfer-Encoding: 7bit

> Perhaps I shouldn't raise this, but it seems like we should be 
> worrying much
> more about security on the first hop (client <-> server/relay) than the
> relay <-> server hop. The latter is much easier to secure as IPsec, 
> tunneling,
> and other fairly standard techniques could be used.
>
> Also, is the DHCPv6 draft strong enough in this area to satisfy the 
> IESG (at
> least around the relay <-> server security)?

Right, the relay<->server hop is regular IP, so there's no reason not 
to use IPsec to secure it.

_______________________________________________
dhcwg mailing list
dhcwg@ietf.org
https://www1.ietf.org/mailman/listinfo/dhcwg