ietf
[Top] [All Lists]

RE: [dhcwg] Re: DHCID and the use of MD5 [Re: Last Call: 'Resolution ofFQDN Conflicts among DHCP Clients' to Proposed Standard]

2005-11-28 15:22:23
Harald:

Yes, I can.

The ISC's DHCP server (www.isc.org) does this (I'm not sure whether it
uses MD5 to encode the client identity or not). Ted might know for sure.

As does Cisco's Network Registrar (though it presently doesn't encode
the data using MD5). 

And, I'm pretty sure several other DHCP vendors do this -- though
whether they're using MD5 or not I can't be sure.

These servers are in production all over and have been doing this for
many years.

- Bernie

-----Original Message-----
From: Harald Tveit Alvestrand [mailto:harald(_at_)alvestrand(_dot_)no] 
Sent: Monday, November 28, 2005 5:14 PM
To: Bernie Volz (volz); Steven M. Bellovin; Ted Lemon
Cc: dhcwg(_at_)ietf(_dot_)org; Pekka Savola; ietf(_at_)ietf(_dot_)org; 
namedroppers(_at_)ops(_dot_)ietf(_dot_)org
Subject: RE: [dhcwg] Re: DHCID and the use of MD5 [Re: Last 
Call: 'Resolution ofFQDN Conflicts among DHCP Clients' to 
Proposed Standard] 



--On mandag, november 28, 2005 17:00:39 -0500 "Bernie Volz (volz)" 
<volz(_at_)cisco(_dot_)com> wrote:

I confess that I don't see the problem.  The updater would do a DNS
query for DHCID RRs; it would be given all of the stored
records.

That's not how the current update algorithm works. Sure, we could do
almost anything but we'll be debating this for the next 100 
years. It
has already gone on for almost 10 years!!!

Can we get serious about this and really ask what are we trying to
protect.

And where were you folks when IPv6 was designed to use the 
mac address
as the interface identifier. Come on.

We're trying to make it NON-TRIVIAL, not impossible.

This technique has been in use for years by implementations 
using TXT
records because we've been unable to get the DHCID RR approved.

Bernie,

just checking....
this puzzle seems to have several distinct pieces:

- the DHCP options to talk about DNS names. Nobody seems to 
have any large 
problem with that.
- the mechanism for detecting conflicts. Nobody seems to have 
any large 
problem with that.
- the exact mechanism by which one stores a value identifying 
the client in 
the DNS without giving out useful information about the 
client. That's 
where all the shouting is.

Can you verify for me that all three parts are being done today in 
production, in just the way (apart from RR type) specified in 
the I-Ds?

                        Harald


_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/ietf