@techreport{ietf-dhc-v4-threat-analysis-03,
    number =    {draft-ietf-dhc-v4-threat-analysis-03},
    type =      {Internet-Draft},
    institution =   {Internet Engineering Task Force},
    publisher = {Internet Engineering Task Force},
    note =      {Work in Progress},
    url =       {https://datatracker.ietf.org/doc/draft-ietf-dhc-v4-threat-analysis/03/},
    author =    {Richard Barr Hibbs},
    title =     {{Dynamic Host Configuration Protocol for IPv4 (DHCPv4) Threat Analysis}},
    pagetotal = 20,
    year =      2006,
    month =     jun,
    day =       15,
    abstract =  {DHCPv4 (RFC 2131) is a stable, widely used protocol for configuration of host systems in a TCP/IPv4 network. It did not provide for authentication of clients and servers, nor did it provide for data confidentiality. This is reflected in the original "Security Considerations" section of RFC 2131, which identifies a few threats and leaves development of any defenses against those threats to future work. In about 1995, DHCP security began to attract attention from the Internet community, eventually resulting in the publication of RFC 3118 in 2001. Although RFC 3118 was a mandatory prerequisite for the DHCPv4 Reconfigure Extension, RFC 3203, it has had no known usage by any commercial or private implementation since its adoption. The DHC Working Group adopted a work item for 2003 to review and modify or replace RFC 3118 to afford a workable, easily deployed security mechanism for DHCPv4. This memo provides a threat analysis of the Dynamic Host Configuration Protocol for Ipv4 (DHCPv4) for use both as RFC 2131 advances from Draft Standard to Full Standard and to support our chartered work improving the acceptance and deployment of RFC 3118.},
}