Protocol Action: Authentication for DHCP Messages to Proposed Standard

The IESG has approved the Internet-Draft 'Authentication for DHCP
Messages' <draft-ietf-dhc-authentication-16.txt> as a Proposed
Standard.  This document is the product of the Dynamic Host
Configuration Working Group.  The IESG contact persons are Erik
Nordmark and Thomas Narten.

Technical Summary

DHCP transports protocol stack configuration parameters from
centrally administered servers to TCP/IP hosts.  Among those
parameters is an IP address.  DHCP servers can be configured to
dynamically allocate addresses from a pool of addresses,
eliminating a manual step in configuration of TCP/IP hosts.

Some network administrators may wish to provide authentication of the
source and contents of DHCP messages.  For example, clients may be
subject to denial of service attacks through the use of bogus DHCP
servers, or may simply be misconfigured due to unintentionally
instantiated DHCP servers.  Network administrators may wish to
constrain the allocation of addresses to authorized hosts to avoid
denial of service attacks in "hostile" environments where the network
medium is not physically secured, such as wireless networks or
college residence halls.

This document defines a technique that can provide both entity
authentication and message authentication.

Working Group Summary

There was strong support in the WG for this document.

Protocol Quality

This protocol has been reviewed for the IESG by Thomas Narten.