nanog mailing list archives
Re: Reverse DNS RFCs and Recommendations
From: Masataka Ohta <mohta () necom830 hpcl titech ac jp>
Date: Wed, 06 Nov 2013 19:25:43 +0900
Mark Andrews wrote:
The DHCP reply packet is special as is is broadcasted.What? Rfc3315 is explicit on it: 18.2.8. Transmission of Reply Messages The Reply message MUST be unicast through the interface on which the original message was received.While IPv6 is unicast, IPv4 isn't and having a scheme that will work for IPv4 as well as IPv6 is useful.
In your draft, you wrote: CPE generates DHCPv6 Prefix Delegation [RFC3633] request which Moreover, even for IPv4, the scheme can (and should) mandate unicast DHCP reply.
Also there is NO GUARANTEE that the response can't be seen so you design the protocol to work when it can be seen.
Your misunderstanding on DHCPv6 is OK, because you also misunderstand that it were more secure? Then, as there is NO GUARANTEE that CAs of DNSSEC can't be compromised, you MUST design the protocol to work when they can be compromised.
And carrying TSIG key in DHCP reply is just secure from the both sides.Not in the clear it isn't.
Clear text in DHCP reply is just secure when required security level allows to use DHCP. Masataka Ohta
Current thread:
- Re: Reverse DNS RFCs and Recommendations, (continued)
- Re: Reverse DNS RFCs and Recommendations Mark Andrews (Nov 02)
- Re: Reverse DNS RFCs and Recommendations Masataka Ohta (Nov 02)
- Re: Reverse DNS RFCs and Recommendations Sander Steffann (Nov 02)
- Re: Reverse DNS RFCs and Recommendations Masataka Ohta (Nov 02)
- Re: Reverse DNS RFCs and Recommendations Sander Steffann (Nov 02)
- Re: Reverse DNS RFCs and Recommendations Masataka Ohta (Nov 05)
- Re: Reverse DNS RFCs and Recommendations Jimmy Hess (Nov 05)
- Re: Reverse DNS RFCs and Recommendations Mark Andrews (Nov 05)
- Re: Reverse DNS RFCs and Recommendations Masataka Ohta (Nov 06)
- Re: Reverse DNS RFCs and Recommendations Mark Andrews (Nov 06)
- Re: Reverse DNS RFCs and Recommendations Masataka Ohta (Nov 06)
- Re: Reverse DNS RFCs and Recommendations Mark Andrews (Nov 02)
- Re: Reverse DNS RFCs and Recommendations Mark Andrews (Nov 04)
- Re: Reverse DNS RFCs and Recommendations Lee Howard (Nov 05)
- Re: Reverse DNS RFCs and Recommendations Mark Andrews (Nov 05)
- Re: Reverse DNS RFCs and Recommendations Livingood, Jason (Nov 06)
- Re: Reverse DNS RFCs and Recommendations Cutler James R (Nov 06)
- Re: Reverse DNS RFCs and Recommendations Mark Andrews (Nov 06)
- Re: Reverse DNS RFCs and Recommendations Mark Andrews (Nov 06)