
Re: [dhcwg] [New I-D] DHCP User-based Authentication



yes, this is a fundamental question. the ietf protocol for IP-based
network access is EAP in UDP: PANA. whatever we may think of the details
of PANA, it's hard to imagine that the DHCP packet format and protocol
state-machine are likely to provide a technically superior solution. and
it's hard to imagine the ietf's supporting the use of DHCP for this
purpose, when much work has gone into EAP and PANA. trying to solve all
of the technical problems (especially the security problems) within DHCP
packets would likely - in my opinion - consume a great deal of time and
effort but be very unlikely to result in a standard. I don't think it's
worth heading down that path.

I also agree on the charter issue: I don't think anything more than
security for the DHCP client/server exchanges is in the DHCP charter.

-- Mark

Yoshihiro Ohba wrote:
> A fundamental question.
> 
> Is this WG chartered for developing a solution for network access
> authentication and authorization other than developing authentication
> mechanisms for DHCP?
> 
> I am asking this because Introduction of
> draft-zhao-dhc-user-authentication-00.txt says:
> 
> "
>    An authentication mechanism for DHCPv4 protocol messages was
>    developed in [RFC3118].  This allows DHCP clients and servers to
>    authenticate each other.  Our purpose differs in that we want to
>    authenticate and authorize a user before he accesses a provider
>    network, to apply policy to customize this access connection to
>    account for the service.
> "
> 
> Best regards,
> Yoshihiro Ohba
> 
> 
> On Sun, Oct 08, 2006 at 11:07:17AM +0800, Amy Zhao wrote:
>> Hi, All:
>>
>> We posted a new I-D as follows.  
>>
>> It's a pretty rough draft and we need your feedback.
>>
>> Any comments / advice will be highly appreciated!
>>
>> Thanks!
>>
>> B.R.
>> Amy 
>>
>> ------------------------------
>>
>> A New Internet-Draft is available from the on-line Internet-Drafts 
>> directories.
>>
>>
>> 	Title		: DHCP User-based Authentication
>> 	Author(s)	: Y. Zhao
>> 	Filename	: draft-zhao-dhc-user-authentication-00.txt
>> 	Pages		: 24
>> 	Date		: 2006-10-2
>> 	
>> This document defines an authentication mechanism to provide an
>> authentication for a user in an access network by means of dhcp.  The
>> authentication mechanism described here couples DHCP to an
>> authentication, authorization and accounting system (AAA), thus
>> enabling users to supply user credentials for AAA via DHCP.
>>
>>
>> A URL for this Internet-Draft is:
>> http://www.ietf.org/internet-drafts/draft-zhao-dhc-user-authentication-00.txt
>>
>> _______________________________________________
>> dhcwg mailing list
>> dhcwg at ietf.org
>> https://www1.ietf.org/mailman/listinfo/dhcwg