RE: [dhcwg] Re: DHCID and the use of MD5 [Re: Last Call: 'Resolution ofFQDN Conflicts among DHCP Clients' to Proposed Standard]


 



Harald:

Yes, I can.

The ISC's DHCP server (www.isc.org) does this (I'm not sure whether it
uses MD5 to encode the client identity or not). Ted might know for sure.

As does Cisco's Network Registrar (though it presently doesn't encode
the data using MD5). 

And, I'm pretty sure several other DHCP vendors do this -- though
whether they're using MD5 or not I can't be sure.

These servers are in production all over and have been doing this for
many years.

- Bernie

> -----Original Message-----
> From: Harald Tveit Alvestrand [mailto:harald@xxxxxxxxxxxxx] 
> Sent: Monday, November 28, 2005 5:14 PM
> To: Bernie Volz (volz); Steven M. Bellovin; Ted Lemon
> Cc: dhcwg@xxxxxxxx; Pekka Savola; ietf@xxxxxxxx; 
> namedroppers@xxxxxxxxxxxx
> Subject: RE: [dhcwg] Re: DHCID and the use of MD5 [Re: Last 
> Call: 'Resolution ofFQDN Conflicts among DHCP Clients' to 
> Proposed Standard] 
> 
> 
> 
> --On mandag, november 28, 2005 17:00:39 -0500 "Bernie Volz (volz)" 
> <volz@xxxxxxxxx> wrote:
> 
> >> I confess that I don't see the problem.  The updater would do a DNS
> >> query for DHCID RRs; it would be given all of the stored
> >> records.
> >
> > That's not how the current update algorithm works. Sure, we could do
> > almost anything but we'll be debating this for the next 100 years. It
> > has already gone on for almost 10 years!!!
> >
> > Can we get serious about this and really ask what are we trying to
> > protect.
> >
> > And where were you folks when IPv6 was designed to use the mac address
> > as the interface identifier. Come on.
> >
> > We're trying to make it NON-TRIVIAL, not impossible.
> >
> > This technique has been in use for years by implementations using TXT
> > records because we've been unable to get the DHCID RR approved.
> 
> Bernie,
> 
> just checking....
> this puzzle seems to have several distinct pieces:
> 
> - the DHCP options to talk about DNS names. Nobody seems to have any large
>   problem with that.
> - the mechanism for detecting conflicts. Nobody seems to have any large
>   problem with that.
> - the exact mechanism by which one stores a value identifying the client in
>   the DNS without giving out useful information about the client. That's
>   where all the shouting is.
> 
> Can you verify for me that all three parts are being done today in
> production, in just the way (apart from RR type) specified in the I-Ds?
> 
>                         Harald
> 

_______________________________________________

Ietf@xxxxxxxx
https://www1.ietf.org/mailman/listinfo/ietf

