- From: Adrien de Croy <adrien@qbik.com>
- Date: Tue, 19 Jun 2007 19:30:52 +1200
- To: Adrian Chadd <adrian@creative.net.au>
- CC: HTTP Working Group <ietf-http-wg@w3.org>
Actually that proves my point. this is an example of security problems inherent in low-level protocols being solved using high level protocols, e.g. SSL certificates, key exchange protocols etc. All of which require the IP config to be working, which therefore already required DHCP to be working without auth. So, it pretty much makes DHCP auth pointless. Adrien Adrian Chadd wrote: > On Tue, Jun 19, 2007, Adrien de Croy wrote: > > >> ethernet (non IP) level key management / auth subsystem to auth DHCP. >> One that can cross subnets. Since most routers are IP routers, ethernet >> level is a non-starter as well. You really need an IP level or higher >> protocol for auth. >> > > Its not more difficult to setup than shared keys for WPA-PEAP IIRC. > Group Profiles/Active Directory has already solved this problem for > distributing authentication keys (at least in the Windows world.) > > (Not that this is a workable solution for -everyone-, but certainly > in the corporate environments you're talking about..) > > > > > Adrian > > -- Adrien de Croy - WinGate Proxy Server - http://www.wingate.com
Received on Tuesday, 19 June 2007 07:30:41 UTC