At 01:05 PM 6/30/03 -0400, William Allen Simpson wrote:
>"Steven M. Bellovin" wrote:
>>
>> I can pretty much guarantee that the IETF will never standardize that,
>> except possibly in conjunction with authenticated dhcp.
>>
>Would this be the DHCP working group that on at least 2 occasions
>when I was there, insisted that secure DHCP wouldn't require a secret,
>since DHCP isn't supposed to require "configuration"?

In some cases it would be trivial to distribute a key for DHCP trust purposes. My cable ISP distributes a CDROM which configures Wintel machines for it. (I don't use this.) It would be easy enough for them to distribute secret or public keys or even hash sigs that worked with their DHCP, *if* the clients could use it, and *if* the users paid attention to whatever UI accompanied problems. In other cases --the visitor who wants to connect a laptop to an office net-- there is a perhaps unacceptable burden.