This is doable using "Hash and URL of X.509 certificate" used in IKEv2 certificate payloads. See RFC 7296 Section 3.6. That should fit into 254 bytes assuming the URL is not extra long.

- Jouni

7/14/2015, 8:36 AM, Brian Haberman wrote:
Hi Fred,

On 7/14/15 10:54 AM, Templin, Fred L wrote:
Hi Sri,

Reason for the X.509 certificate is that, in some environments, an attacker can spoof a DHCP Client Identifier and receive services that were intended for the authentic client. With X.509 certificate, the certificate holder has to sign its DHCP messages with its private key so the DHCP server can authenticate using the public key and therefore defeat any spoofing.

Can you suggest an X.509 format/profile that can be represented in 254 bytes?

Regards,
Brian



_______________________________________________
dmm mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dmm
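
Added example, not part of the original thread: a sketch of the "Hash and URL of X.509 certificate" encoding from RFC 7296 Section 3.6 (a 20-octet SHA-1 hash of the DER certificate followed by a URL), with the size check against 254 bytes and the receiver-side check that the fetched certificate matches the carried hash. It assumes the 254-byte budget also covers the 1-octet Cert Encoding value (12); the certificate bytes, URL and function names are constructed for illustration.

```python
import hashlib
import hmac

CERT_ENCODING_HASH_AND_URL_X509 = 12  # RFC 7296, Section 3.6
SHA1_LEN = 20                         # 20-octet SHA-1 hash of the DER certificate
MAX_LEN = 254                         # size budget discussed in this thread
# Assumption: the budget covers encoding octet + hash + URL.
MAX_URL_LEN = MAX_LEN - 1 - SHA1_LEN

# Constructed stand-ins: not a real certificate, not a real URL.
CONSTRUCTED_CERT_DER = bytes(range(256)) * 4
SAMPLE_URL = "http://certs.example.net/client-42.cer"


def encode_hash_and_url(cert_der: bytes, url: str) -> bytes:
    """Return encoding octet || SHA-1(cert) || URL, or raise if over budget."""
    url_bytes = url.encode("ascii")
    blob = (bytes([CERT_ENCODING_HASH_AND_URL_X509])
            + hashlib.sha1(cert_der).digest() + url_bytes)
    if len(blob) > MAX_LEN:
        raise ValueError(f"{len(blob)} octets exceeds the {MAX_LEN}-octet budget")
    return blob


def decode_hash_and_url(blob: bytes) -> tuple:
    """Split a received value into (sha1_digest, url); reject malformed input."""
    if not (1 + SHA1_LEN < len(blob) <= MAX_LEN):
        raise ValueError("bad length")
    if blob[0] != CERT_ENCODING_HASH_AND_URL_X509:
        raise ValueError("unexpected certificate encoding")
    return blob[1:1 + SHA1_LEN], blob[1 + SHA1_LEN:].decode("ascii")


def fetched_cert_matches(expected_digest: bytes, fetched_der: bytes) -> bool:
    """Check the bytes the URL returned against the hash carried in the message."""
    actual = hashlib.sha1(fetched_der).digest()
    return hmac.compare_digest(expected_digest, actual)


if __name__ == "__main__":
    blob = encode_hash_and_url(CONSTRUCTED_CERT_DER, SAMPLE_URL)
    digest, url = decode_hash_and_url(blob)
    print(len(blob), url, fetched_cert_matches(digest, CONSTRUCTED_CERT_DER))
```

The hash only binds the message to one specific certificate; the receiver still has to validate that certificate and verify the signature on the message with its public key.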

