RE: Pls review documents on IESG Agenda for December 1, 2005

["Wijnen, Bert (Bert)" <bwijnen@lucent.com>]

Thanks Jari.

Margaret, can you get (either by yourself, or from the 
authors or WG) answers to the question(s) by Jari?

Bert

> -----Original Message-----
> From: Jari Arkko [mailto:jari.arkko@piuha.net]
> Sent: Thursday, November 24, 2005 13:29
> To: Wijnen, Bert (Bert); Bernard Aboba
> Cc: Aaa-Doctors (E-mail); Margaret Wasserman
> Subject: Re: Pls review documents on IESG Agenda for December 1, 2005
> 
> 
> Wijnen, Bert (Bert) wrote:
> 
> >  o draft-ietf-dhc-dna-ipv4-17.txt
> >    Detecting Network Attachment in IPv4 (DNAv4) (Proposed 
> Standard) - 3 of 3 
> >    Note: This document has changed substantially since the 
> IESG reviewed 
> >    version -12 based on post-LC comments.A'  Back for a 
> re-review before 
> >    sending to the RFC Editor. 
> >    Token: Margaret Wasserman
> >  
> >
> I reviewed this spec.
> 
> Overall, I like it and it seems to be ready to become an
> RFC. I did have one question, however:
> 
> >    [c] If secure detection of network attachment is required.
> >        The reachability test utilizes ARP which is insecure.
> 
> What, specifically, is your model of "secure detection of
> network attachment"? How do I implement this requirement
> in a host i.e. what feature must be on for me to skip DNAv4?
> Do you mean that if DHCP authentication is on then we skip
> DNAv4?
> 
> Also, some forms of secure ARP (e.g. Cisco's DHCP-secured
> ARP) appear to work without host involvement and would
> appear to be compatible with DNAv4.
> 
> --Jari
>