RE: [dhcwg] draft-pruss-dhcp-auth-dsl-00.txt

["Alper Yegin" <alper.yegin at yegin.org>]

> I think the elegance of approach a) verses b1-7) is pretty clear,

I just see this as DHCP giving birth to L3 version of PPP (one protocol does
all).

I think IAB draft "Principles of Internet Host Configuration" is pretty
clear on such an approach:

2.5.  Configuration is Not Access Control

   Network access authentication is a distinct problem from Internet
   host configuration.  Network access authentication is best handled
   independently of the configuration mechanisms in use for the Internet
   and higher layers.

   For example, attempting to control access by requiring authentication
   in order to obtain configuration parameters (such as an IP address)
   has little value if the user can manually configure the host.  Having
   an Internet (or higher) layer protocol authenticate clients is
   appropriate to prevent resource exhaustion of a scarce resource on
   the server, but not for preventing rogue hosts from obtaining access
   to a link.  Note that client authentication is not required for
   Stateless DHCPv6 [RFC3736] since it does not result in allocation of
   any limited resources on the server.


Alper



_______________________________________________
dhcwg mailing list
dhcwg at ietf.org
https://www1.ietf.org/mailman/listinfo/dhcwg