Re: [dhcwg] status of draft-ietf-dhc-agent-subnet-selection

Ted Lemon <Ted.Lemon@nominum.com> Tue, 08 October 2002 19:48 UTC

Received: from www1.ietf.org (ietf.org [132.151.1.19] (may be forged)) by ietf.org (8.9.1a/8.9.1a) with ESMTP id PAA28453 for <dhcwg-archive@odin.ietf.org>; Tue, 8 Oct 2002 15:48:38 -0400 (EDT)
Received: (from mailnull@localhost) by www1.ietf.org (8.11.6/8.11.6) id g98JoHh26683 for dhcwg-archive@odin.ietf.org; Tue, 8 Oct 2002 15:50:17 -0400
Received: from ietf.org (odin.ietf.org [132.151.1.176]) by www1.ietf.org (8.11.6/8.11.6) with ESMTP id g98JoHv26680 for <dhcwg-web-archive@optimus.ietf.org>; Tue, 8 Oct 2002 15:50:17 -0400
Received: from www1.ietf.org (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id PAA28440 for <dhcwg-web-archive@ietf.org>; Tue, 8 Oct 2002 15:48:08 -0400 (EDT)
Received: from www1.ietf.org (localhost.localdomain [127.0.0.1]) by www1.ietf.org (8.11.6/8.11.6) with ESMTP id g98Jm2v26596; Tue, 8 Oct 2002 15:48:02 -0400
Received: from ietf.org (odin.ietf.org [132.151.1.176]) by www1.ietf.org (8.11.6/8.11.6) with ESMTP id g98Jlmv26580 for <dhcwg@optimus.ietf.org>; Tue, 8 Oct 2002 15:47:48 -0400
Received: from toccata.fugue.com (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id PAA28357 for <dhcwg@ietf.org>; Tue, 8 Oct 2002 15:45:37 -0400 (EDT)
Received: from nominum.com (dsl-64-193-175-153.telocity.com [64.193.175.153]) by toccata.fugue.com (8.11.6/8.6.11) with ESMTP id g98Jal202536; Tue, 8 Oct 2002 14:36:48 -0500 (CDT)
Date: Tue, 8 Oct 2002 14:47:41 -0500
Subject: Re: [dhcwg] status of draft-ietf-dhc-agent-subnet-selection
Content-Type: text/plain; charset=US-ASCII; format=flowed
Mime-Version: 1.0 (Apple Message framework v546)
Cc: dhcwg@ietf.org, rdroms@cisco.com, Kim Kinnear <kkinnear@cisco.com>, "Bernie Volz (EUD)" <Bernie.Volz@am1.ericsson.se>
To: Thomas Narten <narten@us.ibm.com>
From: Ted Lemon <Ted.Lemon@nominum.com>
In-Reply-To: <200210081911.g98JBEK28127@rotala.raleigh.ibm.com>
Message-Id: <CEAC69D0-DAF6-11D6-A9B4-00039367340A@nominum.com>
Content-Transfer-Encoding: 7bit
X-Mailer: Apple Mail (2.546)
Content-Transfer-Encoding: 7bit
Sender: dhcwg-admin@ietf.org
Errors-To: dhcwg-admin@ietf.org
X-BeenThere: dhcwg@ietf.org
X-Mailman-Version: 2.0.12
Precedence: bulk
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/dhcwg>, <mailto:dhcwg-request@ietf.org?subject=unsubscribe>
List-Id: <dhcwg.ietf.org>
List-Post: <mailto:dhcwg@ietf.org>
List-Help: <mailto:dhcwg-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/dhcwg>, <mailto:dhcwg-request@ietf.org?subject=subscribe>
Content-Transfer-Encoding: 7bit
Content-Transfer-Encoding: 7bit

> In DHCPv6, using IPsec makes sense. The relay agent is originating a
> new message that it sends to the DHC server.
>
> But DHCPv4 is different, in that it relays the client packet. So IPsec
> can't really be used there. But certainly a DHC-specific
> authentication option could be defined for covering the relay agent
> option and/or portions of the client request.

IPsec is done at the IP header level.   The IP header for the DHCPv4 
relay agent is in fact newly-generated.   So I don't see how this would 
be a problem.   The difference between v4 and v6 relaying has to do 
with the format of the newly-generated packet, not with the IP header.

_______________________________________________
dhcwg mailing list
dhcwg@ietf.org
https://www1.ietf.org/mailman/listinfo/dhcwg