Network Working Group M. Stapp
Request for Comments: 4030 Cisco Systems, Inc.
Category: Standards Track T. Lemon
Nominum, Inc.
March 2005
The Authentication Suboption for the
Dynamic Host Configuration Protocol (DHCP) Relay Agent Option
Status of This Memo
This document specifies an Internet standards track protocol for the
Internet community, and requests discussion and suggestions for
improvements. Please refer to the current edition of the "Internet
Official Protocol Standards" (STD 1) for the standardization state
and status of this protocol. Distribution of this memo is unlimited.
Copyright Notice
Copyright (C) The Internet Society (2005).
Abstract
The Dynamic Host Configuration Protocol (DHCP) Relay Agent
Information Option (RFC 3046) conveys information between a DHCP
Relay Agent and a DHCP server. This specification defines an
authentication suboption for that option, containing a keyed hash in
its payload. The suboption supports data integrity and replay
protection for relayed DHCP messages.
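The abstract names the two properties the suboption provides: integrity through a keyed hash (HMAC-SHA1, per Section 7.1) and replay protection through a replay-detection value checked by the receiver (Sections 5, 8.1 and 9.2), with keys selected by a Key ID (Section 13.1). The following Python sketch is an added illustration of that combination and is not the RFC's wire format: the field widths (64-bit counter, 32-bit key ID), the monotonically increasing counter, the key table and the sample payload are all assumptions made here so the check can be run offline. The receiver performs the checks in the order the table of contents suggests: replay value first, then the keyed hash, and only then records the new replay value.

```python
import hmac
import hashlib
import struct

# Shared keys indexed by key identifier. Constructed sample data for this
# illustration; a real deployment distributes keys out of band.
KEYS = {
    1: b"relay-server-shared-secret-example",
}

MAC_LEN = 20  # HMAC-SHA1 output length in bytes
HDR = struct.Struct("!QI")  # assumed layout: 64-bit replay value, 32-bit key ID


def protect(key_id: int, counter: int, payload: bytes) -> bytes:
    """Sender side: counter || key_id || payload || HMAC-SHA1(key, everything before the MAC)."""
    header = HDR.pack(counter, key_id)
    mac = hmac.new(KEYS[key_id], header + payload, hashlib.sha1).digest()
    return header + payload + mac


class Verifier:
    """Receiver side: tracks the last accepted replay value per key ID."""

    def __init__(self):
        self.last_counter = {}

    def verify(self, msg: bytes):
        if len(msg) < HDR.size + MAC_LEN:
            return None, "too short"
        counter, key_id = HDR.unpack_from(msg)
        payload, mac = msg[HDR.size:-MAC_LEN], msg[-MAC_LEN:]

        key = KEYS.get(key_id)
        if key is None:
            return None, "unknown key id"

        # Replay detection check: the value must be strictly greater than the
        # last one accepted under this key (assumed monotonic counter RDM).
        if counter <= self.last_counter.get(key_id, -1):
            return None, "replay"

        # Integrity check over header and payload; constant-time comparison
        # so a forger learns nothing from timing.
        expected = hmac.new(key, msg[:-MAC_LEN], hashlib.sha1).digest()
        if not hmac.compare_digest(mac, expected):
            return None, "bad mac"

        # Only a message that passed both checks advances the stored value.
        self.last_counter[key_id] = counter
        return payload, "ok"


if __name__ == "__main__":
    v = Verifier()
    first = protect(1, 5, b"circuit-id=port7")
    print(v.verify(first))   # accepted
    print(v.verify(first))   # same replay value again: rejected
```

A message whose MAC fails must not update the stored replay value; otherwise an attacker who can forge the cleartext counter could push it past the legitimate relay's next value and cause genuine messages to be dropped as replays.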
Stapp & Lemon Standards Track [Page 1]
RFC 4030 Authentication Suboption March 2005
Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2
2. Requirements Terminology . . . . . . . . . . . . . . . . . . 3
3. DHCP Terminology . . . . . . . . . . . . . . . . . . . . . . 4
4. Suboption Format . . . . . . . . . . . . . . . . . . . . . . 4
5. Replay Detection . . . . . . . . . . . . . . . . . . . . . . 5
6. The Relay Identifier Field . . . . . . . . . . . . . . . . . 5
7. Computing Authentication Information . . . . . . . . . . . . 6
7.1. The HMAC-SHA1 Algorithm . . . . . . . . . . . . . . . 6
8. Procedures for Sending Messages . . . . . . . . . . . . . . 7
8.1. Replay Detection . . . . . . . . . . . . . . . . . . . 7
8.2. Packet Preparation . . . . . . . . . . . . . . . . . . 8
8.3. Checksum Computation . . . . . . . . . . . . . . . . . 8
8.4. Sending the Message . . . . . . . . . . . . . . . . . 8
9. Procedures for Processing Incoming Messages . . . . . . . . 8
9.1. Initial Examination . . . . . . . . . . . . . . . . . 8
9.2. Replay Detection Check . . . . . . . . . . . . . . . . 9
9.3. Testing the Checksum . . . . . . . . . . . . . . . . . 9
10. Relay Agent Behavior . . . . . . . . . . . . . . . . . . . . 9
10.1. Receiving Messages from Other Relay Agents . . . . . . 10
10.2. Sending Messages to Servers . . . . . . . . . . . . . 10
10.3. Receiving Messages from Servers . . . . . . . . . . . 10
11. DHCP Server Behavior . . . . . . . . . . . . . . . . . . . . 10
11.1. Receiving Messages from Relay Agents . . . . . . . . . 10
11.2. Sending Reply Messages to Relay Agents . . . . . . . . 11
12. IANA Considerations . . . . . . . . . . . . . . . . . . . . 11
13. Security Considerations . . . . . . . . . . . . . . . . . . 11
13.1. The Key ID Field . . . . . . . . . . . . . . . . . . . 12
13.2. Protocol Vulnerabilities . . . . . . . . . . . . . . . 12
14. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 13
15. References . . . . . . . . . . . . . . . . . . . . . . . . . 13
15.1. Normative References . . . . . . . . . . . . . . . . . 13
15.2. Informative References . . . . . . . . . . . . . . . . 13
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 14
Full Copyright Statement . . . . . . . . . . . . . . . . . . . . 15
1. Introduction
DHCP (RFC 2131 [6]) provides IP addresses and configuration
information for IPv4 clients. It includes a relay-agent capability
(RFC 951 [7], RFC 1542 [8]) in which processes within the network
infrastructure receive broadcast messages from clients and forward
them to servers as unicast messages. In network environments such as
DOCSIS data-over-cable and xDSL, for example, it has proven useful
for the relay agent to add information to the DHCP message before
forwarding it, by using the relay-agent information option (RFC 3046
[1]). The kind of information that relays add is often used in the
server's decision-making about the addresses and configuration