draft-ietf-dhc-forcerenew-nonce-05.txt   draft-ietf-dhc-forcerenew-nonce-06.txt 
dhc D. Miles dhc D. Miles
Internet-Draft Google Internet-Draft Google
Updates: 3203 (if approved) W. Dec Updates: 3203 (if approved) W. Dec
Intended status: Standards Track Cisco Systems Intended status: Standards Track Cisco Systems
Expires: September 10, 2012 J. Bristow Expires: September 12, 2012 J. Bristow
Swisscom Schweiz AG Swisscom Schweiz AG
R. Maglione R. Maglione
Telecom Italia Telecom Italia
March 9, 2012 March 11, 2012
Forcerenew Nonce Authentication Forcerenew Nonce Authentication
draft-ietf-dhc-forcerenew-nonce-05 draft-ietf-dhc-forcerenew-nonce-06
Abstract Abstract
Dynamic Host Configuration Protocol (DHCP) FORCERENEW allows for the Dynamic Host Configuration Protocol (DHCP) FORCERENEW allows for the
reconfiguration of a single host by forcing the DHCP client into a reconfiguration of a single host by forcing the DHCP client into a
Renew state on a trigger from the DHCP server. In Forcerenew Nonce Renew state on a trigger from the DHCP server. In Forcerenew Nonce
Authentication the server sends a nonce to the client in the initial Authentication the server sends a nonce to the client in the initial
DHCP ACK that is used for subsequent validation of a FORCERENEW DHCP ACK that is used for subsequent validation of a FORCERENEW
message. This document updates RFC 3203. message. This document updates RFC 3203.
skipping to change at page 1, line 40 skipping to change at page 1, line 40
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at http://datatracker.ietf.org/drafts/current/. Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on September 10, 2012. This Internet-Draft will expire on September 12, 2012.
Copyright Notice Copyright Notice
Copyright (c) 2012 IETF Trust and the persons identified as the Copyright (c) 2012 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of (http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
skipping to change at page 10, line 9 skipping to change at page 10, line 9
capability for Forcerenew Nonce Protocol authentication in the DHCP capability for Forcerenew Nonce Protocol authentication in the DHCP
OFFER and the subsequent ACK received by the client while in the OFFER and the subsequent ACK received by the client while in the
selecting state omits a valid DHCP authentication option for the selecting state omits a valid DHCP authentication option for the
Forcerenew Nonce Protocol, the client MUST discard the message and Forcerenew Nonce Protocol, the client MUST discard the message and
return to the INIT stat return to the INIT stat
The client MUST record the Forcerenew Nonce from any valid ACK it The client MUST record the Forcerenew Nonce from any valid ACK it
receives, if the ACK contains one. receives, if the ACK contains one.
To authenticate a Forcerenew message, the client computes an HMAC- To authenticate a Forcerenew message, the client computes an HMAC-
MD5, based on the procedure specified in section 21.5 of [RFC3315], MD5, based on the procedure specified in section 21.5 of [RFC3315],
over the DHCP FORCERENEW message, using the Forcerenew Nonce received over the DHCP FORCERENEW message (after setting the HMAC-MD5 field in
from the server. If this computed HMAC-MD5 matches the value in the the Authentication option to zero), using the Forcerenew Nonce
Authentication option, the client accepts the FORCERENEW message. received from the server. If this computed HMAC-MD5 matches the
value in the Authentication option, the client accepts the FORCERENEW
message.
4. Acknowledgements 4. Acknowledgements
Comments are solicited and should be addressed to the DHC WG mailing Comments are solicited and should be addressed to the DHC WG mailing
list (dhcwg@ietf.org) and/or the authors. This contribution is based list (dhcwg@ietf.org) and/or the authors. This contribution is based
on work by Vitali Vinokour. Major sections of this draft use on work by Vitali Vinokour. Major sections of this draft use
modified text from [RFC3315]. The authors wish to thank Ted Lemon, modified text from [RFC3315]. The authors wish to thank Ted Lemon,
Matthew Ryan and Bernie Volz for their support. Matthew Ryan and Bernie Volz for their support.
5. IANA Considerations 5. IANA Considerations
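Review bot: The parenthetical added in -06 to the paragraph beginning "To authenticate a Forcerenew message" leaves the order of operations implicit. The client has to retain the received HMAC-MD5 value before it sets the field to zero; otherwise the later comparison against "the value in the Authentication option" would be against the zeroed field. Suggest spelling out the sequence: save the received value, zero the field, compute the HMAC-MD5 over the message with the Forcerenew Nonce as key, then compare the result with the saved value. The paragraph as shown also states only the accept case, so it would help to say in the same place what the client does on a mismatch. Separately, the preceding paragraph still ends "return to the INIT stat" in both versions; this should read "INIT state."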
 End of changes. 5 change blocks. 
7 lines changed or deleted 9 lines changed or added

This html diff was produced by rfcdiff 1.41. The latest version is available from http://tools.ietf.org/tools/rfcdiff/