To: iana@isi.edu
Subject: Request for three DHCP option numbers
Date: Mon, 11 Nov 1996 16:35:13 -0500
From: Ralph E. Droms <droms@charcoal.eg.bucknell.edu>

Authentication for DHCP Messages
<draft-ietf-dhc-authentication-03.txt>
(to be submitted)

1. Introduction

DHCP transports protocol stack configuration parameters from
centrally administered servers to TCP/IP hosts. Among those
parameters is an IP address. DHCP servers can be configured to
dynamically allocate addresses from a pool of addresses, eliminating
a manual step in configuration of TCP/IP hosts.

In some situations, network administrators may wish to constrain the
allocation of addresses to authorized hosts. Such constraint may be
desirable in "hostile" environments where the network medium is not
physically secured, such as wireless networks or college residence
halls.

Additionally, some network administrators may wish to provide
authentication of DHCP messages from DHCP servers. In some
environments, clients may be subject to denial of service attacks
through the use of bogus DHCP servers, or may simply be misconfigured
due to unintentionally instantiated DHCP servers.

The goal of this proposal is to suggest a technique through which
authorization tickets can be easily generated and newly attached
hosts with proper authorization can be automatically configured from
an authenticated DHCP server.

2. Format of the authentication option

The following diagram defines the format of the DHCP authentication
option:

   +----------+----------+----------+
   |   Code   |  Length  | Protocol |
   +----------+----------+----------+-----------+---
   |        Authentication information
   +----------+----------+----------+-----------+---

The code for the authentication option is 90, and the length field
contains the length of the protocol and authentication information
fields in octets. The protocol field defines the particular
technique for authentication used in the option.

This document defines two protocols in sections 3 and 4, encoded with
protocol field values 0 and 1. Protocol field values 2-254 are
reserved. Other protocols may be defined according to the procedures
described in section 4.
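
A parser for the option layout in section 2, added here as an illustration and not part of the draft or the original message. The pad (0) and end (255) option codes come from the base DHCP options format rather than from this text, all names are hypothetical, and the authentication information is kept opaque because the per-protocol formats are not shown here.

```python
"""Parse the DHCP authentication option (code 90) as laid out in section 2."""
from dataclasses import dataclass

AUTH_OPTION_CODE = 90   # option code stated in the draft text
PAD, END = 0, 255       # assumption: pad/end codes of the base DHCP options format


class OptionError(ValueError):
    """Raised when the options field is truncated or malformed."""


@dataclass
class AuthOption:
    protocol: int       # protocol field value
    info: bytes         # authentication information, left opaque here
    status: str         # "defined", "reserved" or "unspecified"


def classify_protocol(value: int) -> str:
    if value in (0, 1):
        return "defined"        # the two protocols of sections 3 and 4
    if 2 <= value <= 254:
        return "reserved"
    return "unspecified"        # 255: the text shown does not cover it


def find_auth_option(options: bytes):
    """Walk a DHCP options field; return an AuthOption, or None if absent."""
    i = 0
    while i < len(options):
        code = options[i]
        if code == PAD:         # single-octet option, no length field
            i += 1
            continue
        if code == END:
            break
        if i + 1 >= len(options):
            raise OptionError("option %d has no length octet" % code)
        length = options[i + 1]
        value = options[i + 2:i + 2 + length]
        if len(value) != length:    # declared length runs past the buffer
            raise OptionError("option %d truncated" % code)
        if code == AUTH_OPTION_CODE:
            if length < 1:          # length must cover the protocol octet
                raise OptionError("authentication option lacks protocol field")
            return AuthOption(value[0], bytes(value[1:]), classify_protocol(value[0]))
        i += 2 + length
    return None


# Constructed sample: an unrelated option (53), then option 90 with protocol 1.
SAMPLE = bytes([53, 1, 5, 90, 5, 1, 0xDE, 0xAD, 0xBE, 0xEF, 255])
```

A receiver that requires authentication would treat a None result, a reserved protocol value, or an OptionError as grounds to discard the message.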