The Authentication Suboption for the Dynamic Host Configuration Protocol (DHCP) Relay Agent Option
RFC 4030

Document type: RFC - Proposed Standard (April 2005; No errata)
Document stream: IETF
Last updated: 2013-03-02

IESG State: RFC 4030 (Proposed Standard)
Responsible AD: Margaret Wasserman

Network Working Group                                           M. Stapp
Request for Comments: 4030                           Cisco Systems, Inc.
Category: Standards Track                                      T. Lemon
                                                           Nominum, Inc.
                                                              March 2005

                 The Authentication Suboption for the
     Dynamic Host Configuration Protocol (DHCP) Relay Agent Option

Status of This Memo

   This document specifies an Internet standards track protocol for the
   Internet community, and requests discussion and suggestions for
   improvements.  Please refer to the current edition of the "Internet
   Official Protocol Standards" (STD 1) for the standardization state
   and status of this protocol.  Distribution of this memo is unlimited.

Copyright Notice

   Copyright (C) The Internet Society (2005).

Abstract

   The Dynamic Host Configuration Protocol (DHCP) Relay Agent
   Information Option (RFC 3046) conveys information between a DHCP
   Relay Agent and a DHCP server.  This specification defines an
   authentication suboption for that option, containing a keyed hash in
   its payload.  The suboption supports data integrity and replay
   protection for relayed DHCP messages.

Stapp & Lemon               Standards Track                     [Page 1]
RFC 4030                Authentication Suboption              March 2005

Table of Contents

   1.  Introduction . . . . . . . . . . . . . . . . . . . . . . . .   2
   2.  Requirements Terminology . . . . . . . . . . . . . . . . . .   3
   3.  DHCP Terminology . . . . . . . . . . . . . . . . . . . . . .   4
   4.  Suboption Format . . . . . . . . . . . . . . . . . . . . . .   4
   5.  Replay Detection . . . . . . . . . . . . . . . . . . . . . .   5
   6.  The Relay Identifier Field . . . . . . . . . . . . . . . . .   5
   7.  Computing Authentication Information . . . . . . . . . . . .   6
       7.1.  The HMAC-SHA1 Algorithm  . . . . . . . . . . . . . . .   6
   8.  Procedures for Sending Messages  . . . . . . . . . . . . . .   7
       8.1.  Replay Detection . . . . . . . . . . . . . . . . . . .   7
       8.2.  Packet Preparation . . . . . . . . . . . . . . . . . .   8
       8.3.  Checksum Computation . . . . . . . . . . . . . . . . .   8
       8.4.  Sending the Message  . . . . . . . . . . . . . . . . .   8
   9.  Procedures for Processing Incoming Messages  . . . . . . . .   8
       9.1.  Initial Examination  . . . . . . . . . . . . . . . . .   8
       9.2.  Replay Detection Check . . . . . . . . . . . . . . . .   9
       9.3.  Testing the Checksum . . . . . . . . . . . . . . . . .   9
   10. Relay Agent Behavior . . . . . . . . . . . . . . . . . . . .   9
       10.1. Receiving Messages from Other Relay Agents . . . . . .  10
       10.2. Sending Messages to Servers  . . . . . . . . . . . . .  10
       10.3. Receiving Messages from Servers  . . . . . . . . . . .  10
   11. DHCP Server Behavior . . . . . . . . . . . . . . . . . . . .  10
       11.1. Receiving Messages from Relay Agents . . . . . . . . .  10
       11.2. Sending Reply Messages to Relay Agents . . . . . . . .  11
   12. IANA Considerations  . . . . . . . . . . . . . . . . . . . .  11
   13. Security Considerations  . . . . . . . . . . . . . . . . . .  11
       13.1. The Key ID Field . . . . . . . . . . . . . . . . . . .  12
       13.2. Protocol Vulnerabilities . . . . . . . . . . . . . . .  12
   14. Acknowledgements . . . . . . . . . . . . . . . . . . . . . .  13
   15. References . . . . . . . . . . . . . . . . . . . . . . . . .  13
       15.1. Normative References . . . . . . . . . . . . . . . . .  13
       15.2. Informative References . . . . . . . . . . . . . . . .  13
   Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . .  14
   Full Copyright Statement . . . . . . . . . . . . . . . . . . . .  15

1.  Introduction

   DHCP (RFC 2131 [6]) provides IP addresses and configuration
   information for IPv4 clients.  It includes a relay-agent capability
   (RFC 951 [7], RFC 1542 [8]) in which processes within the network
   infrastructure receive broadcast messages from clients and forward
   them to servers as unicast messages.  In network environments such as
   DOCSIS data-over-cable and xDSL, for example, it has proven useful
   for the relay agent to add information to the DHCP message before
   forwarding it, by using the relay-agent information option (RFC 3046
   [1]).  The kind of information that relays add is often used in the
   server's decision-making about the addresses and configuration
