host-identifier with IPv6

David W. Hankins David_Hankins at isc.org
Wed Mar 4 19:38:46 UTC 2009


On Wed, Mar 04, 2009 at 07:54:00PM +0100, Sten Carlsen wrote:
> So every device without a web browser and a competent user is STILL
> without a solution?

The bar for the user is pretty low - you can get the system to do
DHCPv6 and tie the global source address it used into information
from DHCP (fetch the DUID from the server on the user's behalf).
There is actually a DHCP message, leasequery, that can do this.

That's a lot more work than Ted makes it sound, however, even just
to have a simple webform.  You've got to secure that now.

And you do need some way to identify the user.  If you register
a MAC for your network and check someone's student ID card and
picture, then how do you supply the same level of trust in a web
browser?  Does this now require a student login and password that
they've probably forgotten and need to get on the network to reset
anyway?  A student ID card USB key fob that browsers support?

The other thing I'd really like to know about is network booting.  I
don't know about you guys, but when I did have diskless clients, I
didn't let just any diskless client mount just any partition.  It
had to be on the right switch interface, and it had to have the right
MAC address, which isn't secure to be sure, but it was secure enough.

You also don't get to network-boot a device once to find out what DUID
it's going to use.  You need to know what image to give it beforehand.

-- 
David W. Hankins	"If you don't do it right the first time,
Software Engineer		     you'll just have to do it again."
Internet Systems Consortium, Inc.		-- Jack T. Hankins
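
Added example (not part of the original message, and not ISC code): a sketch of the address-to-DUID lookup the message refers to, using the DHCPv6 leasequery format from RFC 5007. It builds a query-by-address LEASEQUERY and extracts the client's DUID from a LEASEQUERY-REPLY. The function names are hypothetical, it assumes the server implements RFC 5007, and it does no network I/O.

```python
import ipaddress
import struct

# Message and option codes from RFC 5007 (DHCPv6 Leasequery) and RFC 8415.
LEASEQUERY, LEASEQUERY_REPLY = 14, 15
OPTION_CLIENTID, OPTION_IAADDR = 1, 5
OPTION_LQ_QUERY, OPTION_CLIENT_DATA, QUERY_BY_ADDRESS = 44, 45, 1

def opt(code, payload):
    """Encode one DHCPv6 option: 16-bit code, 16-bit length, payload."""
    return struct.pack("!HH", code, len(payload)) + payload

def build_leasequery(xid, requestor_duid, client_addr):
    """LEASEQUERY asking which client holds client_addr (query by address)."""
    addr = ipaddress.IPv6Address(client_addr).packed
    iaaddr = opt(OPTION_IAADDR, addr + struct.pack("!II", 0, 0))
    # link-address left as 0::0 (unspecified), as RFC 5007 allows
    lq = opt(OPTION_LQ_QUERY, bytes([QUERY_BY_ADDRESS]) + bytes(16) + iaaddr)
    return bytes([LEASEQUERY]) + xid + opt(OPTION_CLIENTID, requestor_duid) + lq

def parse_options(buf):
    """Yield (code, payload) pairs; reject truncated or overrunning options."""
    pos = 0
    while pos < len(buf):
        if pos + 4 > len(buf):
            raise ValueError("truncated option header")
        code, length = struct.unpack_from("!HH", buf, pos)
        if pos + 4 + length > len(buf):
            raise ValueError("option overruns message")
        yield code, buf[pos + 4:pos + 4 + length]
        pos += 4 + length

def duid_from_reply(reply, xid, client_addr):
    """Return the DUID bound to client_addr, or None if no binding is reported."""
    if len(reply) < 4 or reply[0] != LEASEQUERY_REPLY or reply[1:4] != xid:
        raise ValueError("not a reply to our query")
    want = ipaddress.IPv6Address(client_addr).packed
    for code, data in parse_options(reply[4:]):
        # Top-level CLIENTID is the requestor's; the client's DUID is in CLIENT_DATA.
        if code == OPTION_CLIENT_DATA:
            inner = list(parse_options(data))
            duids = [p for c, p in inner if c == OPTION_CLIENTID]
            if duids and any(c == OPTION_IAADDR and p[:16] == want for c, p in inner):
                return duids[0]
    return None

if __name__ == "__main__":  # constructed values; 2001:db8::/32 is documentation space
    portal_duid = bytes.fromhex("000300010200000000aa")
    print(build_leasequery(b"\x01\x02\x03", portal_duid, "2001:db8::1234").hex())
```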