Re: Pls review documents on IESG Agenda for December 1, 2005

[Jari Arkko <jari.arkko@piuha.net>]

Wijnen, Bert (Bert) wrote:

>  o draft-ietf-dhc-dna-ipv4-17.txt
>    Detecting Network Attachment in IPv4 (DNAv4) (Proposed Standard) - 3 of 3 
>    Note: This document has changed substantially since the IESG reviewed 
>    version -12 based on post-LC comments.A'  Back for a re-review before 
>    sending to the RFC Editor. 
>    Token: Margaret Wasserman
>  
I reviewed this spec.

Overall, I like it and it seems to be ready to become an
RFC. I did have one question, however:

>    [c] If secure detection of network attachment is required.
>        The reachability test utilizes ARP which is insecure.

What, specifically, is your model of "secure detection of
network attachment"? How do I implement this requirement
in a host i.e. what feature must be on for me to skip DNAv4?
Do you mean that if DHCP authentication is on then we skip
DNAv4?

Also, some forms of secure ARP (e.g. Cisco's DHCP-secured
ARP) appear to work without host involvement and would
appear to be compatible with DNAv4.

--Jari