To: Ralph Droms <rdroms@cisco.com>
CC: dnsop@cafax.se
From: Masataka Ohta <mohta@necom830.hpcl.titech.ac.jp>
Date: Fri, 07 Nov 2003 20:52:31 +0900
In-Reply-To: <4.3.2.7.2.20031107053218.04410668@flask.cisco.com>
Sender: owner-dnsop@cafax.se
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.4) Gecko/20030624 Netscape/7.1 (ax)
Subject: Re: Sense of the WG on DNS discovery
Ralph;

> The dhc WG discussed this issue briefly during the WG last call on
> draft-ietf-dhc-dhcpv6-stateless-*.txt (see the thread starting at
> http://www1.ietf.org/mail-archive/working-groups/dhcwg/current/msg02005.html).
>
> If polling by clients using DHCPv6-lite is a desirable feature, it could
> be added to draft-ietf-dhc-dhcpv6-stateless-01.txt.

Don't do that.

> We could probably argue a little about whether the Reconfigure message is
> part of DHCPv6-lite. On the one hand, using Reconfigure would require that
> the DHCPv6 server retain some dynamic state about clients: a list of active
> clients to which the Reconfigure message must be sent. Perhaps that
> requirement could be addressed through the use of a multicast Reconfigure
> message.

You are caught in the pitfall of "stateless autoconfiguration" only to
damage the protocol.

> If security is desired for the Reconfigure message, the server would also
> have to retain the "Reconfigure Key" for each active client (see section
> 21.5 of RFC 3315). Note that section 21.5 only prevents an attack through
> spoofed Reconfigure messages, not an initial attack by a spoofing DHCPv6
> server. I don't think security has been a requirement for DNS
> configuration up to this point.

There was someone requesting autoconfiguration of not only a DNS but also
an NTP server to be used to confirm timestamps of secure DNS, even though
the autoconfigured NTP server is not secure. :-|

Masataka Ohta