secure dhcp
Ted Lemon
Ted.Lemon at nominum.com
Tue Apr 25 07:06:34 UTC 2006
On Monday 24 April 2006 22:27, Carl Karsten wrote:
> The gPXE group is talking about wireless pxe booting and how to
> authenticate the bootfile. I am thinking the best thing to do is make sure
> the DHCP Offer is trusted and secure - that way a private key can be
> included and used to verify the boot file.
No, that's not the best thing to do - it's probably not even a possible thing
to do, unfortunately. The best thing is to just sign the file, and use a
signature verification system (e.g. the one used for SSL) to make sure it's
legit. That's *much* easier than trying to set up a secure infrastructure
for DHCP, and using that as a basis for securing boot files.
More information about the dhcp-users
mailing list