Re: Attacking networks using DHCP, DNS - probably kills DNSSEC
"Steven M. Bellovin" wrote:
I can pretty much guarantee that the IETF will never standardize
At 01:05 PM 6/30/03 -0400, William Allen Simpson wrote: that,
except possibly in conjunction with authenticated dhcp.
Would this be the DHCP working group that on at least 2 occasions when I was there, insisted that secure DHCP wouldn't require a secret, since DHCP isn't supposed to require "configuration"?
In some cases it would be trivial to distribute a key for DHCP trust purposes. My cable ISP distributes a CDROM which configures Wintel machines for it. (I don't use this.) It would be easy enough for them to distribute secret or public keys or even hash sigs that worked with their DHCP, *if* the clients could use it, and *if* the users paid attention to whatever UI accompanied problems. In other cases --the visitor who wants to connect a laptop to an office net-- there is a perhaps unacceptable burden.
participants (1)
-
Major Variola (ret)