The Authentication Suboption for the Dynamic Host Configuration Protocol (DHCP) Relay Agent Option
draft-ietf-dhc-auth-suboption-05
Yes
(Margaret Cullen)
No Objection
(Alex Zinin)
(Bert Wijnen)
(Bill Fenner)
(David Kessens)
(Harald Alvestrand)
(Jon Peterson)
(Ned Freed)
(Scott Hollenbeck)
(Steven Bellovin)
(Thomas Narten)
Note: This ballot was opened for revision 05 and is now closed.
Margaret Cullen Former IESG member
Yes
Alex Zinin Former IESG member
No Objection
Allison Mankin Former IESG member
(was Discuss)
No Objection
(2004-02-19)
Is there still a difference between DHCP, and say SIP, in whether a vendor must implement security mechanisms such as these sub-options?
Bert Wijnen Former IESG member
No Objection
Bill Fenner Former IESG member
No Objection
David Kessens Former IESG member
No Objection
Harald Alvestrand Former IESG member
No Objection
Jon Peterson Former IESG member
No Objection
Ned Freed Former IESG member
No Objection
Russ Housley Former IESG member
(was Discuss)
No Objection
(2004-02-17)
This document uses 'signature' improperly. See the definition of 'digital signature' in RFC 2828. The discussion under "$ message authentication code vs. Message Authentication Code (MAC)" may help the authors select a better word. I am willing to let the current usage stand for compatibility with previously published documents. I would really like to see a paragraph added to the terminology discussion that makes it clear what 'signature' means in this document.
The 'DISCUSSION' paragraph in section 7.1 ought to be in the Security Considerations.
Please change 'IPSEC' to 'IPsec' (the title of the referenced document will be changed to reflect this convention prior to publication).
Scott Hollenbeck Former IESG member
No Objection
Steven Bellovin Former IESG member
No Objection
Ted Hardie Former IESG member
No Objection
(2004-02-17)
The draft contains the following text in Section 11:
   DHCP servers may interact with multiple relay agents. Server implementations MAY support configuration that associates the same algorithm and key with all relay agents. Servers MAY support configuration which specifies the algorithm and key to use with each relay agent individually.
These key management choices are not then discussed in the Security Considerations section. Since that section does discuss the choice between using the IPSec mechanism for authentication (with its related key management implications), it seems like it would be useful to mention it there. This is particularly true because of the Security considerations text here:
   If IPsec is not available or there are multiple relay agents for which multiple keys must be managed, the protocol described in this document may be appropriate.
Thomas Narten Former IESG member
(was Discuss)
No Objection