Technical Summary
The DHCP Relay Agent Information Option (RFC 3046) conveys
information between a DHCP Relay Agent and a DHCP server. This
specification defines an authentication suboption for that option
which supports source entity authentication and data integrity for
relayed DHCP messages. The authentication suboption contains a
cryptographic signature in its payload.
Working Group Summary
This is a work item of the DHCP WG. There was WG consensus to
advance this work. While working on this draft and the related
draft draft-ietf-dhc-relay-agent-ipsec, there was extensive
discussion in the WG regarding which should be "mandatory to
implement". The WG reached a conclusion that there are valid
reasons to prefer either choice, and they have chosen to proceed
with the two drafts, both optional to implement (since relay agents
are widely deployed today with no authentication). We are
working on wording that will explain this choice in response to
Allison's discuss on the relay-agent-ipsec document, and will
include corresponding wording here when that issue is resolved.
Protocol Quality
This document was reviewed for the IESG by Margaret Wasserman.