[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: IKEV2: Issue #3: DHCP vs. Configuration Payload



-----BEGIN PGP SIGNED MESSAGE-----


>>>>> "Theodore" == Theodore Ts'o <tytso@xxxxxxx> writes:
    Theodore> * Support for forcible reassignment of IP address.  DHCP allows
    Theodore> IP address leases to be arbitrarily and without warning yanked
    Theodore> from underneath the client.  This is considered rude and will
    Theodore> cause client applications to break, but the DHCP server has
    Theodore> this power.  If the configuration payload method is used to

  I do not think that this isn't quite correct.

  It can refuse to renew a lease.
  As such, the phase 2 lifetime should be bounded by the DHCP lease time.

  The IPv6/DNS folks are currently discussing whether DHCPv6 or another
mechanism should be used for information discovery. I believe that the IAB
may express a clear opinion at some point. I suggest that IKE has less reason
than IPv6 to diverge from DHCP.

]       ON HUMILITY: to err is human. To moo, bovine.           |  firewalls  [
]   Michael Richardson, Sandelman Software Works, Ottawa, ON    |net architect[
] mcr@xxxxxxxxxxxxxxxxxxxxxx http://www.sandelman.ottawa.on.ca/ |device driver[
] panic("Just another Debian GNU/Linux using, kernel hacking, security guy"); [
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)
Comment: Finger me for keys

iQCVAwUBPkSMCYqHRg3pndX9AQHhlQP+Me4YMQW/tjHOY3g2aOuY6xdlcyBiQt5f
C+IhkdK4zJuGohl0yn33hU/o0E7mSSG4k3gCK6Anmfna/sxujrroryoe4wlZVpYl
7/eKuOZ0PGOs15sgetGK1/cNGWvTuJ/4zYpGY7QHurztkQ5Vlwy/dM1iXNku9Cny
jmCu5b7/e4E=
=seJU
-----END PGP SIGNATURE-----