On 12/7/2020 5:03 AM, Ted Lemon wrote:
Also, Christian, RA guard only works in a managed environment. In an unmanaged environment it will break things. It would be wise to be careful about when and where you recommend it or we will wind up with interoperability problems. This is probably outside of the DHC wg’s bailiwick.
But I am being careful -- I am not asking for any change in the draft, except for a trivial nit. I am just pointing out that there are attacks and that the proposed solution in 8213 did not pan out. It would be nice is there was guidance available on how to secure DHCP clients and servers "in practice", especially if your attack model includes virus of fishing attacks overtaking an authorized client inside the perimeter.
-- Christian Huitema -- last-call mailing list last-call@xxxxxxxx https://www.ietf.org/mailman/listinfo/last-call
