Secure DHCPv6
draft-ietf-dhc-sedhcpv6-07
| The information below is for an old version of the document | |||||
|---|---|---|---|---|---|
| Document | Type | None Internet-Draft (dhc WG) | |||
| Last updated | 2015-04-17 (latest revision 2015-03-23) | ||||
| Replaces | draft-jiang-dhc-sedhcpv6 | ||||
| Stream | IETF | ||||
| Intended RFC status | Proposed Standard | ||||
| Formats |
Expired & archived
pdf
htmlized
bibtex
|
||||
| Additional URLs |
|
||||
| Stream | WG state | (None) | |||
| Document shepherd | Tomek Mrugalski | ||||
| Shepherd write-up | Show (last changed 2015-01-29) | ||||
| IESG | IESG state | Unknown state | |||
| Consensus Boilerplate | Unknown | ||||
| Telechat date | |||||
| Responsible AD | Brian Haberman | ||||
| Send notices to | dhc-chairs@ietf.org, "Tomek Mrugalski" <tomasz.mrugalski@gmail.com> | ||||
https://www.ietf.org/archive/id/draft-ietf-dhc-sedhcpv6-07.txt
Abstract
The Dynamic Host Configuration Protocol for IPv6 (DHCPv6) enables DHCPv6 servers to pass configuration parameters. It offers configuration flexibility. If not being secured, DHCPv6 is vulnerable to various attacks, particularly spoofing attacks. This document analyzes the security issues of DHCPv6 and specifies a Secure DHCPv6 mechanism for communications between DHCPv6 clients and DHCPv6 servers. This document provides a DHCPv6 client/server authentication mechanism based on sender's public/private key pairs or certificates with associated private keys. The DHCPv6 message exchanges are protected by the signature option and the timestamp option newly defined in this document.
Authors
Sheng Jiang
(jiangsheng@huawei.com)
Sean Shen
(shenshuo@cnnic.cn)
Dacheng Zhang
(zhangdacheng@huawei.com)
Tatuya Jinmei
(jinmei@wide.ad.jp)
(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)