Alan DeKok wrote: > Stefan Winter wrote: [...] >> Hm, actually, most of the things transmitted with DHCP exist in an attribute >> for RADIUS already, probably mostly because of its PPP usage. So the >> local-to-home way might not be so difficult after all. > > It may be simpler to just distribute keys in AAA, and leverage RFC > 3118 for signing DHCP packets. Again, this is just off-the-cuff discussion.
Right, this is the better approach IMO. This would allow for securely obtaining various configuration without having to extend RADIUS. There is hardly any deployment of 3118 AFAIK, but this would be a good use. This is off-the-cuff as well though, requires some thought. Stig > > Alan DeKok. > _______________________________________________ > Int-area mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/int-area _______________________________________________ Int-area mailing list [email protected] https://www.ietf.org/mailman/listinfo/int-area
