Stefan Winter wrote:
> Poking it with a stick.

This isn't much more than an email discussion. Don't expect it to be robust.

> Also, backwards compatibility comes into play when local AAA tries to send
> its attributes of choice to home AAA and that one doesn't have the
> capabilities for EAP.

See the ACK in my diagram. No ACK from the home server, no signed IP address assignment.

> Some fallback mechanism would be needed, and one that makes sure
> both mechanisms don't assign the same IP inadvertently. Database-backed DHCP
> and sth like your own products "sqlippool" come to mind.

Having one centralized authority for IP address assignment is always useful.

> Policy-wise, are people happy with transmitting their, say, WINS servers from
> local to home AAA or do they consider that not-your-business details? I
> honestly don't know. They happily tell it their clients with DHCP after all.

Some people will likely not like that part of it.

> Hm, actually, most of the things transmitted with DHCP exist in an attribute
> for RADIUS already, probably mostly because of its PPP usage. So the
> local-to-home way might not be so difficult after all.

It may be simpler to just distribute keys in AAA, and leverage RFC 3118 for signing DHCP packets.

Again, this is just off-the-cuff discussion.

Alan DeKok.
