On Mar 4, 2014, at 5:58 PM, Mark Andrews <[email protected]> wrote: > Please go read draft-andrews-dnsop-pd-reverse. This technique will > work with any zone to be delegated by the ISP. For most cases the > wire is the authenticator by for things like WiMax you will be > putting credentials into the box to authenticticate your DHCP request > to the ISP as the medium is not secure anyway.
Your draft is certainly a valid solution to the problem it sets out to solve, but it doesn't actually change the security model I was talking about. Given that my point was that you have to trust the wire to make this work, I think are in violent agreement at least on this point, except that I would like us to describe a solution that at least addresses the use case where you can't trust the wire. _______________________________________________ homenet mailing list [email protected] https://www.ietf.org/mailman/listinfo/homenet
