[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: IKEV2: Issue #3: DHCP vs. Configuration Payload
-----BEGIN PGP SIGNED MESSAGE-----
>>>>> "Theodore" == Theodore Ts'o <tytso@xxxxxxx> writes:
Theodore> * Support for forcible reassignment of IP address. DHCP allows
Theodore> IP address leases to be arbitrarily and without warning yanked
Theodore> from underneath the client. This is considered rude and will
Theodore> cause client applications to break, but the DHCP server has
Theodore> this power. If the configuration payload method is used to
I do not think that this isn't quite correct.
It can refuse to renew a lease.
As such, the phase 2 lifetime should be bounded by the DHCP lease time.
The IPv6/DNS folks are currently discussing whether DHCPv6 or another
mechanism should be used for information discovery. I believe that the IAB
may express a clear opinion at some point. I suggest that IKE has less reason
than IPv6 to diverge from DHCP.
] ON HUMILITY: to err is human. To moo, bovine. | firewalls [
] Michael Richardson, Sandelman Software Works, Ottawa, ON |net architect[
] mcr@xxxxxxxxxxxxxxxxxxxxxx http://www.sandelman.ottawa.on.ca/ |device driver[
] panic("Just another Debian GNU/Linux using, kernel hacking, security guy"); [
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)
Comment: Finger me for keys
-----END PGP SIGNATURE-----