Re: [dhcwg] WG last call on draft-ietf-dhc-suboptions-kdc-serveraddress-03.txt
Ralph Droms <rdroms@cisco.com> Thu, 13 March 2003 14:15 UTC

In the second paragraph of the introduction, at the top of page 2, there is an explanation of the motivation for this sub-option:

   The class of devices assumed in [2] is unlike the class of devices considered in [1], which perform a DNS lookup of the Kerberos Realm name to find the KDC server network address.

   [1] "DHCP Option for CableLabs Client Configuration draft-ietf-dhc-packetcable-06", IETF, February 2003.

   [2] "CableHome 1.0 Specification SP-CH1.0-I03-030124", CableLabs, January 2003, http://www.cablelabs.com/projects/cablehome/specifications/.

I looked in the CableHome specification [2], but couldn't find any text giving a more detailed explanation of the difference between the two kinds of clients. The KDC server address specification could use more detail, either by reference to the CableHome specification or in the KDC server address specification itself.

Also, the "Security Considerations" section needs to either require the use of authenticated DHCP or explain why a rogue DHCP server can't compromise a CableHome client by sending the addresses of rogue KDC servers.

- Ralph