> On Aug 20, 2018, at 9:40 PM, Paul Ebersman <list-dn...@dragon.net> wrote:
> 
> pusateri> Another point I remember most clearly is that DHCP has fallen
> pusateri> out of favor for communicating all but the most minimal
> pusateri> network bootstrap configuration information. There was general
> pusateri> agreement in the room that you only should use DHCP in IPv4
> pusateri> for address/router info and then use trusted sources for
> pusateri> everything else. In IPv6, SLAAC generally provides this.
> 
> That may be the consensus at the IETF but it's not even close to the
> consensus with ISPs, nor large enterprise. That seems to cover most of
> the eyeball/consumer... DHCP is still how much of the world gets
> connected and that hasn't changed in decades.
> 

You’re misquoting me and arguing against a point I didn’t make. There was no 
one saying we don’t need DHCP. There was a general agreement that DHCP should 
not be extended.

The DHC working group never completed the work for DHCP authentication. It’s 
not trustworthy enough in its current form to add more things to it.

> 
> Saying this is all broken and that we need to protect the world from
> themselves by not having a DHCP option simply means that vendors will
> have a slew of non-standard ways of doing it and we've helped no one.
> 
> Let's just give the option, document the security holes and risks and at
> least offer much of the world a standard way of doing this if they so
> choose.

Again, some better understanding of DoH deployment would help. I don’t know if 
it’s generally accepted that DoH will replace UDP/53 or DoT in the stub 
resolver or DoH will just end up in the browsers as a way to speed up web 
pages. But if DoH stays in the browser and DoT is tried and used on all DNS 
servers, there’s not a problem to solve.

Tom

_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
