Hi Hesham,
Have you read draft-pruss? If you look at Figure 1, it is not replacing
AAA servers with DHCP servers; the DHCP server acts like a NAS.
I agree that DHCP has been overloaded.
Regards,
Behcet
> The authentication in RFC 3118 (for DHCPv4) and RFC 3315 (for DHCPv6)
> is message authentication, not subscriber authentication.
>
> Message authentication is all about ensuring that the contents are
> not fake, assuming that there is enough shared trust between client
> and server host computers. The shared trust also serves to control
> authorization to exchange DHCP messages.
>
> Subscriber authentication is about the user of network access, and
> the user is often the person who has credentials rather than the
> host, although storing user credentials on the host happens.
>
> The point of section 2.5 of draft-aboba-ip-config-00.txt is that
> these are different:
>
> 2.5. Configuration is Not Access Control
>
> Network access authentication is a distinct problem from Internet
> host configuration.
>
=> I couldn't agree more. I don't see the need for replacing AAA servers
with DHCP servers or overloading DHCP for this purpose.
Hesham
_______________________________________________
Int-area mailing list
https://www1.ietf.org/mailman/listinfo/int-area