On Feb 11, 2015, at 7:33 PM, Fred Baker <[email protected]> wrote:
>> s1: Did you answer the IESG point that MAC addresses are not sufficiently
>> immutable? Actually s4.3.5 does say that MAC addresses are spoofable ...
>
> I didn’t. The issue is the same as with SVI-FCFS; the binding anchor is
> whatever we can make it. If the IESG wants to make an issue of the port+MAC
> Address, I’ll ask why it’s not an issue there.

I think the answer to this is simply that the security of DHCP is out of scope for this document. This document explains how to filter out unauthorized uses of source IP addresses in the context of DHCP. RFC 3315 provides a mechanism for securing DHCP messages, although it is not widely deployed because the key distribution problem is somewhat intractable; a document just passed last call in the DHC working group that provides a public-key based security mechanism for DHCP that should address that problem, and at some point hopefully that will be deployable in SAVI-DHCP environments. But the security of DHCP messages is simply not something _this_ document can address.
