To: iana@isi.edu
Subject: Request for three DHCP option numbers
Date: Mon, 11 Nov 1996 16:35:13 -0500
From: Ralph E. Droms

Authentication for DHCP Messages
(to be submitted)

1. Introduction

DHCP transports protocol stack configuration parameters from centrally administered servers to TCP/IP hosts. Among those parameters is an IP address. DHCP servers can be configured to dynamically allocate addresses from a pool of addresses, eliminating a manual step in configuration of TCP/IP hosts.

In some situations, network administrators may wish to constrain the allocation of addresses to authorized hosts. Such constraint may be desirable in "hostile" environments where the network medium is not physically secured, such as wireless networks or college residence halls.

Additionally, some network administrators may wish to provide authentication of DHCP messages from DHCP servers. In some environments, clients may be subject to denial of service attacks through the use of bogus DHCP servers, or may simply be misconfigured due to unintentionally instantiated DHCP servers.

The goal of this proposal is to suggest a technique through which authorization tickets can be easily generated and newly attached hosts with proper authorization can be automatically configured from an authenticated DHCP server.

2. Format of the authentication option

The following diagram defines the format of the DHCP authentication option:

   +----------+----------+----------+
   |   Code   |  Length  | Protocol |
   +----------+----------+----------+-----------+---
   |   Authentication information
   +----------+----------+----------+-----------+---

The code for the authentication option is 90, and the length field contains the length of the protocol and authentication information fields in octets. The protocol field defines the particular technique for authentication used in the option. This document defines two protocols in sections 3 and 4, encoded with protocol field values 0 and 1. Protocol field values 2-254 are reserved. Other protocols may be defined according to the procedures described in section 4.
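The option layout from section 2, as an added example that is not part of the original message or draft: a Python parser that checks the code and length fields before it reads the protocol octet. The function names and sample bytes are constructed for illustration, and one-octet code, length and protocol fields are assumed from the diagram.

```python
OPTION_AUTH = 90            # option code given in section 2
DEFINED_PROTOCOLS = {0, 1}  # the two protocols the draft says it defines


class AuthOptionError(ValueError):
    """Raised when the bytes do not form a well-formed authentication option."""


def parse_auth_option(buf: bytes):
    """Parse one authentication option at the start of buf.

    Returns (protocol, auth_info, bytes_consumed). Assumes one-octet
    code, length and protocol fields (an assumption read off the diagram).
    """
    if len(buf) < 2:
        raise AuthOptionError("truncated option header")
    code, length = buf[0], buf[1]
    if code != OPTION_AUTH:
        raise AuthOptionError(f"unexpected option code {code}")
    # Length counts the protocol octet plus the authentication information,
    # so a value of 0 leaves no room for the protocol field.
    if length < 1:
        raise AuthOptionError("length does not cover the protocol field")
    if len(buf) < 2 + length:
        raise AuthOptionError("length field runs past the end of the data")
    protocol = buf[2]
    auth_info = buf[3:2 + length]
    return protocol, auth_info, 2 + length


def classify_protocol(protocol: int) -> str:
    """Map a protocol value onto the ranges named in section 2."""
    if protocol in DEFINED_PROTOCOLS:
        return "defined"
    if 2 <= protocol <= 254:
        return "reserved"
    return "unspecified"  # 255: the page does not say how it is treated


# Constructed sample: code 90, length 5, protocol 1, four octets of
# placeholder authentication data, then two unrelated trailing octets.
SAMPLE = bytes([90, 5, 1]) + b"\xde\xad\xbe\xef" + b"\x00\x00"

if __name__ == "__main__":
    proto, info, used = parse_auth_option(SAMPLE)
    print(proto, classify_protocol(proto), info.hex(), used)
```

A receiver should reject the option, rather than guess, when `classify_protocol` returns anything other than "defined", since it has no rule for verifying the authentication information.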