The Authentication Suboption for the DHCP Relay Agent Option

Document Type Expired Internet-Draft (dhc WG)
Authors Mark Stapp  , Ralph Droms  , Ted Lemon 
Last updated 2015-10-14 (latest revision 2003-06-09)
Stream Internent Engineering Task Force (IETF)
Intended RFC status Proposed Standard
Expired & archived
pdf htmlized (tools) htmlized bibtex
Stream WG state WG Document
Document shepherd No shepherd assigned
IESG IESG state Expired (IESG: Dead)
Action Holders
Consensus Boilerplate Unknown
Telechat date
Responsible AD Margaret Cullen
IESG note This document was split into two documents that will be advanced separately.
Send notices to (None)

This Internet-Draft is no longer active. A copy of the expired Internet-Draft can be found at


The DHCP Relay Agent Information Option (RFC 3046) conveys information between a DHCP relay agent and a DHCP server. This specification defines two mechanisms for securing the messages exchanged between a relay agent and a server. The first mechanism defines a new authentication suboption for the Relay Agent Information Option that supports source entity authentication and data integrity for relayed DHCP messages. The authentication suboption contains a cryptographic signature in a payload derived from the option used in DHCP Authentication (RFC 3118). The second mechanism uses IPsec (RFC 2041) to protect messages exchanged between relay agents and servers.


Mark Stapp (
Ralph Droms (
Ted Lemon (

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)