Skip to main content

The Authentication Suboption for the Dynamic Host Configuration Protocol (DHCP) Relay Agent Option
draft-ietf-dhc-auth-suboption-05

Yes

(Margaret Cullen)

No Objection

(Alex Zinin)
(Bert Wijnen)
(Bill Fenner)
(David Kessens)
(Harald Alvestrand)
(Jon Peterson)
(Ned Freed)
(Scott Hollenbeck)
(Steven Bellovin)
(Thomas Narten)

Note: This ballot was opened for revision 05 and is now closed.

Margaret Cullen Former IESG member
Yes
Yes () Unknown

                            
Alex Zinin Former IESG member
No Objection
No Objection () Unknown

                            
Allison Mankin Former IESG member
(was Discuss) No Objection
No Objection (2004-02-19) Unknown
Is there still a difference between DHCP, and say SIP, in whether a 
vendor must implement security mechanisms such as these 
sub-options?
Bert Wijnen Former IESG member
No Objection
No Objection () Unknown

                            
Bill Fenner Former IESG member
No Objection
No Objection () Unknown

                            
David Kessens Former IESG member
No Objection
No Objection () Unknown

                            
Harald Alvestrand Former IESG member
No Objection
No Objection () Unknown

                            
Jon Peterson Former IESG member
No Objection
No Objection () Unknown

                            
Ned Freed Former IESG member
No Objection
No Objection () Unknown

                            
Russ Housley Former IESG member
(was Discuss) No Objection
No Objection (2004-02-17) Unknown
  This document uses 'signature' improperly.  See the definition of 'digital
  signature' in RFC 2828.  The discussion under "$ message authentication
  code vs. Message Authentication Code (MAC)" may help the authors select a
  better word.  I am willing to let the current usage stand for compatibility
  with previously published documents.  I would really like to see a paragraph
  added to the terminology discussion that makes it clear what 'signature'
  means in this document.
  
  The 'DISCUSSION' paragraph in section 7.1 ought to be in the Security
  Considerations.

  Please change 'IPSEC' to 'IPsec' (the title of the referenced document
  will be changed to reflect this convention prior to publication).
Scott Hollenbeck Former IESG member
No Objection
No Objection () Unknown

                            
Steven Bellovin Former IESG member
No Objection
No Objection () Unknown

                            
Ted Hardie Former IESG member
No Objection
No Objection (2004-02-17) Unknown
The draft contains the following text in Section 11:

   DHCP servers may interact with multiple relay agents. Server
   implementations MAY support configuration that associates the same
   algorithm and key with all relay agents. Servers MAY support
   configuration which specifies the algorithm and key to use with each
   relay agent individually.

This key management choices are not then discussed in the Security
Considerations section.  Since that section does discuss the choice
between using the IPSec mechanism for authentication (with
its related key management implications), it seems like it would be
useful to mention it there.  This is particularly true because of the 
Security considerations text here:

   If IPsec is not available or there are multiple relay agents for which
   multiple keys must be managed, the protocol described in this
   document may be appropriate.
Thomas Narten Former IESG member
(was Discuss) No Objection
No Objection () Unknown