Hello,
I read draft-jiang-dhc-secure-dhcpv6-02 and I have the following comments:
- you should remain consistent and always use the term CGA Parameters
(sometimes, the 's' is lacking).
- section 6.3, "The CGA of a client will not lose during relaying." needs to
be corrected (does not make much sense).
- in the same section, maybe due to a lack of knowledge in the DHCPv6
protocol, I fail to understand how the Relay Agent will prove the DHCP
Client's address ownership to the DHCP server and how the Relay Agent will
prove the DHCP server authorization to the DHCP Client. Can you enlighten me
on this point?
- the document is rather fuzzy on how you deploy certificates on DHCP routers
to perform the ADD. If you plan to reuse the certificate deployed on SEND
routers, it would be wise to provide an "extended key usage" value for the
authorization to act as a DHCP server (there is already a value for proxying
functionalities and such defined in draft-ietf-csi-send-cert).
- also, the text is not clear on the fact that the DHCP Server MUST use a
certificate to prove its authority. I think the text should be clarified on
that point.
Best regards,
Tony Cheneau
_______________________________________________
CGA-EXT mailing list
https://www.ietf.org/mailman/listinfo/cga-ext