On Jun 4, 2021, at 9:16 AM, Eliot Lear <[email protected]> wrote: > > I don't think this is the right approach. I would rather see the information > provided in an EAP method, so that DHCP can be removed entirely from the > equation. Otherwise we have multiple, disparate, security models in play to > trust the information.
I agree. But... * We already have DHCP options encoded in RADIUS. Adding one more isn't terrible * reving EAP is likely hard, as compared to adding a few more RADIUS attributes * Then there's RFC 5505, and lower-layer independence https://datatracker.ietf.org/doc/html/rfc5505#section-2.4 i.e. tying multiple layers together is officially frowned upon by the IAB. Alan DeKok. _______________________________________________ OPSAWG mailing list [email protected] https://www.ietf.org/mailman/listinfo/opsawg
