Actually that proves my point. This is an example of security problems inherent in low-level protocols being solved using high level protocols, e.g. SSL certificates, key exchange protocols etc. All of which require the IP config to be working, which therefore already required DHCP to be working without auth.

So, it pretty much makes DHCP auth pointless.

Adrien

Adrian Chadd wrote:
> On Tue, Jun 19, 2007, Adrien de Croy wrote:
>
>> ethernet (non IP) level key management / auth subsystem to auth DHCP.
>> One that can cross subnets. Since most routers are IP routers, ethernet
>> level is a non-starter as well. You really need an IP level or higher
>> protocol for auth.
>
> It's not more difficult to set up than shared keys for WPA-PEAP IIRC.
> Group Profiles/Active Directory has already solved this problem for
> distributing authentication keys (at least in the Windows world.)
>
> (Not that this is a workable solution for -everyone-, but certainly
> in the corporate environments you're talking about..)
>
> Adrian

--
Adrien de Croy - WinGate Proxy Server - http://www.wingate.com

Received on Tuesday, 19 June 2007 07:30:41 GMT