On Jan 14, 2011, at 9:58 AM, <[email protected]> wrote:
> Lack of trust on information contained in all options?

Right. Generally, we assume that the higher-level protocol will have some sort of security mechanism--e.g., DNSSEC. Or we assume that the environment in which DHCP is being done is one in which there is no easy opportunity for attack (e.g., cable modem connection, or secured home WiFi).

The problem with this proposal is that it creates a new, generic mechanism which depends on the data from the DHCP server being trustworthy. If the data is not trustworthy, the mechanism doesn't fail.

The question is, is there some way to give you what you want, without creating a generic mechanism that has the property of assuming trustworthiness without proof of trustworthiness?

_______________________________________________
DNSOP mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dnsop
