On Oct 22, 2013, at 8:40 AM, Daniel Migault <[email protected]> wrote:
> By trusted relationship, I wanted to clarify that authenticating the DHCP 
> Server is not sufficient. The Client MUST trust the DHCP Server. More 
> specifically, when you are in a corporate network you assume you are in a 
> trusted network, so you trust information from your DHCP Server. On the 
> contrary, in a cyber café, even if you authenticate the DHCP Server as the 
> one of the cybercafé, you do not necessarily trust it to the point of accepting 
> crucial information. 

But this is absolutely crucial. How do you know that you are on a trusted 
network? The document doesn't say. DHCP is supposed to be zero-touch. If 
we have to set up a DHCP security association in order to be able to trust the 
DHCP server to tell us what the DNSSEC trust anchors are, why not skip that 
step and install the trust anchors?

_______________________________________________
DNSOP mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dnsop
