Skip to main content

The Authentication Suboption for the Dynamic Host Configuration Protocol (DHCP) Relay Agent Option
RFC 4030

Yes

(Margaret Cullen)

No Objection

(Alex Zinin)
(Bert Wijnen)
(Bill Fenner)
(David Kessens)
(Harald Alvestrand)
(Jon Peterson)
(Ned Freed)
(Scott Hollenbeck)
(Steven Bellovin)
(Thomas Narten)

Note: This ballot was opened for revision 05 and is now closed.

(Margaret Cullen; former steering group member) Yes

Yes ()

                            

(Alex Zinin; former steering group member) No Objection

No Objection ()

                            

(Allison Mankin; former steering group member) (was Discuss) No Objection

No Objection (2004-02-19)
Is there still a difference between DHCP, and say SIP, in whether a 
vendor must implement security mechanisms such as these 
sub-options?

(Bert Wijnen; former steering group member) No Objection

No Objection ()

                            

(Bill Fenner; former steering group member) No Objection

No Objection ()

                            

(David Kessens; former steering group member) No Objection

No Objection ()

                            

(Harald Alvestrand; former steering group member) No Objection

No Objection ()

                            

(Jon Peterson; former steering group member) No Objection

No Objection ()

                            

(Ned Freed; former steering group member) No Objection

No Objection ()

                            

(Russ Housley; former steering group member) (was Discuss) No Objection

No Objection (2004-02-17)
  This document uses 'signature' improperly.  See the definition of 'digital
  signature' in RFC 2828.  The discussion under "$ message authentication
  code vs. Message Authentication Code (MAC)" may help the authors select a
  better word.  I am willing to let the current usage stand for compatibility
  with previously published documents.  I would really like to see a paragraph
  added to the terminology discussion that makes it clear what 'signature'
  means in this document.
  
  The 'DISCUSSION' paragraph in section 7.1 ought to be in the Security
  Considerations.

  Please change 'IPSEC' to 'IPsec' (the title of the referenced document
  will be changed to reflect this convention prior to publication).

(Scott Hollenbeck; former steering group member) No Objection

No Objection ()

                            

(Steven Bellovin; former steering group member) No Objection

No Objection ()

                            

(Ted Hardie; former steering group member) No Objection

No Objection (2004-02-17)
The draft contains the following text in Section 11:

   DHCP servers may interact with multiple relay agents. Server
   implementations MAY support configuration that associates the same
   algorithm and key with all relay agents. Servers MAY support
   configuration which specifies the algorithm and key to use with each
   relay agent individually.

This key management choices are not then discussed in the Security
Considerations section.  Since that section does discuss the choice
between using the IPSec mechanism for authentication (with
its related key management implications), it seems like it would be
useful to mention it there.  This is particularly true because of the 
Security considerations text here:

   If IPsec is not available or there are multiple relay agents for which
   multiple keys must be managed, the protocol described in this
   document may be appropriate.

(Thomas Narten; former steering group member) (was Discuss) No Objection

No Objection ()