The basic issue is that the host must know which subnet prefix to use prior to sending the DHCP REQUEST if it is to generate a CGA. The prefix is part of the CGA parameters data structure used in the hash calculation for the crypto-id, as described in Section 3 of RFC 3972. The host then includes an IA Address Option (Section 22.6 of RFC 3315) with the address in a DHCP REQUEST. So that means that the RA must include a prefix information option so that the host has the prefix in order to generate the address.

Exactly how that interacts with address autoconfiguration is something that would need to be addressed in generating the draft describing how to do CGAs with DHCP. I don't know whether hosts using DHCPv6 commonly propose addresses today, but I suspect probably not, since it isn't done in IPv4 and I suspect DHCPv6 is most commonly used in a way that works as much like the v4 case as possible. Others with more operational and deployment knowledge of DHCP use please correct me if I am wrong.

               jak

----- Original Message -----
From: "Thomas Narten" <[EMAIL PROTECTED]>
To: "James Kempf" <[EMAIL PROTECTED]>
Cc: "marcelo bagnulo braun" <[EMAIL PROTECTED]>; "Stig Venaas" <[EMAIL PROTECTED]>; "INT Area" <[EMAIL PROTECTED]>
Sent: Wednesday, June 20, 2007 8:32 AM
Subject: Re: DHCPv6 and CGA (was: Re: [Int-area] SeND & CGA Extensions BOF)


"James Kempf" <[EMAIL PROTECTED]> writes:

I think it is already possible for a node to use CGAs with DHCPv6. The node
sends an Interface ID Option (Section 22.18 of RFC 3315) along with the
REQUEST, containing a cryptographically generated interface id. The DHCP
server assigns the address having this id. For this to work, the subnet
prefixes must be advertised in the RA even though the 'M' flag is set, since
the cryptographic generation process uses the subnet prefix. If the RA
advertises more than one subnet, there might be a problem, since there is no
way to indicate to the server which subnet the host has selected.

Do you mean that the RA must include a prefix information option? If
so, with which bits set? If the autoconfigure bit must be set for this
to work, that seems like a non-starter, since now there is no point in
using DHCP to get an address you already legitimately have. (I don't
know the details right off here, hence I'm asking.)

Thomas




_______________________________________________
Int-area mailing list
[email protected]
https://www1.ietf.org/mailman/listinfo/int-area
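
The dependency discussed in this thread, as an added example that is not part of the original messages: a sketch of RFC 3972 CGA generation and verification showing that the subnet prefix feeds Hash1, so the same key yields a different interface identifier on each subnet. The key bytes and the 2001:db8::/32 documentation prefixes are constructed sample values, and extension fields are omitted.

```python
import hashlib
import ipaddress

# Constructed sample data: an opaque stand-in for a DER-encoded public key
# (the hash treats it as bytes) and two documentation /64 prefixes.
SAMPLE_KEY = bytes.fromhex("3059301306072a8648ce3d0201") + bytes(range(78))
PREFIX_A = ipaddress.IPv6Address("2001:db8:0:1::").packed[:8]
PREFIX_B = ipaddress.IPv6Address("2001:db8:0:2::").packed[:8]
MASK = bytes([0x1C]) + b"\xff" * 7  # ignore Sec bits (0-2) and u/g bits (6-7)

def _hash1(modifier, prefix, coll, pubkey):
    # Hash1 covers modifier, subnet prefix, collision count and public key.
    return hashlib.sha1(modifier + prefix + bytes([coll]) + pubkey).digest()[:8]

def _hash2_ok(modifier, pubkey, sec):
    # Hash2 zeroes prefix and collision count; its 16*Sec leftmost bits must be 0.
    h2 = hashlib.sha1(modifier + bytes(9) + pubkey).digest()[:14]
    return h2[:2 * sec] == bytes(2 * sec)

def cga_generate(prefix, pubkey, modifier=bytes(16), sec=0, coll=0):
    """Return (address, final modifier) for an 8-byte subnet prefix."""
    m = int.from_bytes(modifier, "big")
    while not _hash2_ok(m.to_bytes(16, "big"), pubkey, sec):
        m = (m + 1) % (1 << 128)  # brute-force step, only needed when sec > 0
    modifier = m.to_bytes(16, "big")
    h1 = _hash1(modifier, prefix, coll, pubkey)
    iid = bytes([(h1[0] & 0x1C) | (sec << 5)]) + h1[1:]
    return ipaddress.IPv6Address(prefix + iid), modifier

def cga_verify(addr, modifier, prefix, coll, pubkey):
    """Verifier-side checks: prefix match, Hash1 match, Hash2 condition."""
    raw = addr.packed
    sec = raw[8] >> 5
    if coll not in (0, 1, 2) or raw[:8] != prefix:
        return False
    h1 = _hash1(modifier, prefix, coll, pubkey)
    same = all((a ^ b) & m == 0 for a, b, m in zip(h1, raw[8:], MASK))
    return same and _hash2_ok(modifier, pubkey, sec)
```

An interface identifier computed for one prefix does not verify when placed under another, which is why the host has to learn the prefix before it can propose the address to the server.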