Re: [dhcwg] DUID on a Virtual Host

Ted Lemon <Ted.Lemon@nominum.com> Tue, 20 February 2007 21:53 UTC

From: Ted Lemon <Ted.Lemon@nominum.com>
Subject: Re: [dhcwg] DUID on a Virtual Host
Date: Tue, 20 Feb 2007 14:52:38 -0700
To: Roy Brabson <rbrabson@us.ibm.com>
Cc: narten@us.ibm.com, dhcwg@ietf.org, "Templin, Fred L" <Fred.L.Templin@boeing.com>, volz@cisco.com

On Feb 20, 2007, at 2:18 PM, Roy Brabson wrote:
> But, stepping back for a second, are public keys considered unique,
> anyway? I'm not a security expert, but I thought public keys were
> generated by the end user, and there is nothing that prevents two users
> from generating the same public key. If so, how does a DHCP server
> differentiate between two hosts that choose to use the same public key?

In fact, what I would say about this whole conversation is that keys,
like clients, are *things to be identified*, not *identifiers*. You
call a key something. Every piece of key generation software I've
ever used has worked that way - whether you're generating an ssh key
or an SSL key or a DNS key, the key has a name, and you refer to it
by name. It may be that for some reason it makes sense to include a
public key in a DHCP transaction, but including it *as the
identifier* strikes me as confusing two functions - identification
and authentication.


