Paul Wouters <[email protected]> wrote:
>
> I am a little worried to bring this into the DHCP layer. While the
> document makes statements about only accepting trust anchors when
> the DHCP server is "trusted", when thinking about CPE equipment, old
> handhelds, etc, there is no such trust relationship. (I'm also not very
> familiar with what a "trust relationship" is between a DHCP server and
> client?)

The draft talks vaguely about IPSEC, which immediately sets off my wishful thinking alarm bells and reminds me of 1990s security considerations sections. More specifically, how is the client supposed to set up a security association with the DHCP server when it doesn't have an IP address? This is supposed to help with bootstrapping, right? How can the client bootstrap its trust in the DHCP server in a way that is less likely to expire than the root trust anchor?

Tony.
-- 
f.anthony.n.finch <[email protected]> http://dotat.at/
Forties, Cromarty: East, veering southeast, 4 or 5, occasionally 6 at first.
Rough, becoming slight or moderate. Showers, rain at first. Moderate or good,
occasionally poor at first.
