The IESG has received a request from the Operational Security
Capabilities for IP Network Infrastructure WG (opsec) to consider the
following document:
- 'DHCPv6-Shield: Protecting Against Rogue DHCPv6 Servers'
<draft-ietf-opsec-dhcpv6-shield-04.txt> as Best Current Practice
The IESG plans to make a decision in the next few weeks, and solicits
final comments on this action. Please send substantive comments to the
ietf@ietf.org mailing lists by 2014-12-01. Exceptionally, comments may be
sent to iesg@ietf.org instead. In either case, please retain the
beginning of the Subject line to allow automated sorting.
Abstract
This document specifies a mechanism for protecting hosts connected to
a switched network against rogue DHCPv6 servers. The aforementioned
mechanism is based on DHCPv6 packet-filtering at the layer-2 device
at which the packets are received. The aforementioned mechanism has
been widely deployed in IPv4 networks ('DHCP snooping'), and hence it
is desirable that similar functionality be provided for IPv6
networks.
The file can be obtained via
http://datatracker.ietf.org/doc/draft-ietf-opsec-dhcpv6-shield/
IESG discussion can be tracked via
http://datatracker.ietf.org/doc/draft-ietf-opsec-dhcpv6-shield/ballot/
No IPR declarations have been submitted directly on this I-D.
