The Authentication Suboption for the DHCP Relay Agent Option

Document Type Expired Internet-Draft (dhc WG)
Authors Mark Stapp  , Ralph Droms  , Ted Lemon 
Last updated 2015-10-14 (latest revision 2003-06-09)
Stream IETF
Intended RFC status Proposed Standard
Expired & archived
pdf htmlized (tools) htmlized bibtex
Stream WG state WG Document
Document shepherd No shepherd assigned
IESG IESG state Expired (IESG: Dead)
Consensus Boilerplate Unknown
Telechat date
Responsible AD Margaret Cullen
IESG note This document was split into two documents that will be advanced separately.
Send notices to (None)

This Internet-Draft is no longer active. A copy of the expired Internet-Draft can be found at


The DHCP Relay Agent Information Option (RFC 3046) conveys information between a DHCP relay agent and a DHCP server. This specification defines two mechanisms for securing the messages exchanged between a relay agent and a server. The first mechanism defines a new authentication suboption for the Relay Agent Information Option that supports source entity authentication and data integrity for relayed DHCP messages. The authentication suboption contains a cryptographic signature in a payload derived from the option used in DHCP Authentication (RFC 3118). The second mechanism uses IPsec (RFC 2041) to protect messages exchanged between relay agents and servers.


Mark Stapp (
Ralph Droms (
Ted Lemon (

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)