> The authentication in RFC 3118 (for DHCPv4) and RFC 3315 > (for DHCPv6) > is message authentication, not subscriber authentication. > > Message authentication is all about ensuring that the contents are > not fake, assuming that there is enough shared trust between client > and server host computers. The shared trust also serves to control > authorization to exchange DHCP messages. > > Subscriber authentication is about the user of network access, and > the user is often the person who has credentials rather than the > host, although storing user credentials on the host happens. > > The point of section 2.5 of draft-aboba-ip-config-00.txt is that > these are different: > > 2.5. Configuration is Not Access Control > > Network access authentication is a distinct problem from Internet > host configuration. >
=> I couldn't agree more. I don't see the need for replacing AAA servers with DHCP servers or overloading DHCP for this purpose. Hesham _______________________________________________ Int-area mailing list [email protected] https://www1.ietf.org/mailman/listinfo/int-area
