Feature Request: [odhcpd] Add Authentication option (RFC 3118/8415)
Kevin Vigouroux
ke.vigouroux at laposte.net
Mon Nov 11 10:09:54 PST 2024
That's a problem. From a general point of view, I don't have much
experience about authentication. The Delayed authentication protocol
defined in section 5 of RFC 3118 has since been deprecated according
to the RFC 8415 (see below).
https://www.iana.org/assignments/auth-namespaces/auth-namespaces.xhtml
https://www.rfc-editor.org/rfc/rfc8415.html#section-20
Originally, the Configuration Token protocol in the authentication
option is supposed to authenticate the origin of the message (the
entity) and not its content, or possibly restrict network access to
authorized hosts (customers). It only provides a weak protection and
becomes completly useless in case of interception of the message.
I believe this protocol makes no sense on the LAN-side. Nevertheless, I
don't have the choice since the ISP's CPE rejects DHCP messages that
don't include the authentication option using the Configuration Token.
So it's not looking good. This protocol would have had to be really
useful to be implemented in odhcpd. That's really sad!
--
Best regards,
Kevin Vigouroux
More information about the openwrt-devel
mailing list