Hi Brian,

> -----Original Message-----
> From: dmm [mailto:[email protected]] On Behalf Of Brian Haberman
> Sent: Tuesday, July 14, 2015 8:37 AM
> To: [email protected]
> Subject: Re: [DMM] RFC4283bis progress..
> 
> Hi Fred,
> 
> On 7/14/15 10:54 AM, Templin, Fred L wrote:
> > Hi Sri,
> >
> > Reason for the X.509 certificate is that, in some environments, an attacker can
> > spoof a DHCP Client Identifier and receive services that were intended for the
> > authentic client. With X.509 certificate, the certificate holder has to sign its DHCP
> > messages with its private key so the DHCP server can authenticate using the
> > public key and therefore defeat any spoofing.
> >
> 
> Can you suggest an X.509 format/profile that can be represented in 254
> bytes?

Probably not, but I think I have a better understanding of my requirements
now. A mobile node can use an X.509 certificate to prove ownership of the
DHCP Client Identifier, so it is the Client ID and not the X.509 certificate
itself that identifies the mobile node. Do I have that right?

Thanks - Fred
[email protected]

> Regards,
> Brian

_______________________________________________
dmm mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dmm
