Re: cfengine and hosts using DHCP

[Juha Ylitalo]

On Wed, 2002-05-22 at 23:48, ext Mark.Burgess@iu.hio.no wrote:
...
> I would like to air/propose a solution for DHCP hosts and public/private
> keys in cfengine. 
> 
> ASSUMPTION: servers have fixed IPs, otherwise there is no security,
> and we might as well just switch off key checking.
> 
> The problem is that client IPs can change so authentication becomes
> difficult. The server looks up the key for the corresponding IP address,
> but it is not right because the IP has changed, while the key has
> remained the same.
> 
> I propose a list with IP ranges which are "DHCP variable". If an IP
> is in this list and TRUST is switched on, any existing key can be
> replaced with a new key, and the old key is recorded in a "used cars"
> list, access is granted. If TRUST is switched off, the server looks
> in the "used car list" of all DHCP keys to see if it has been seen before. If 
> not
> access is refused. If it has been seen before -- it uses this earlier
> trust to accept the connection and replace the IP-key binding.
> 
> With this approach, one salvages the autonomic nature of the key
> dialogue, and keeps maximal security (minimal trust), thus avoiding
> manual key management. 

This would still offer clients possibility to verify that server is who
it claims to be, even if trust is turned off in server ? (assuming that
clients have server's public key on their local disk) If it does, then
it would be exactly what I am looking for, since some of the servers
need to distribute very generic stuff, i.e. verify that sendmail.cf has
correct smart host, etc.

The scenario, where trust would be turned on, also offers interesting
possibilities and would be nice bonus.

-- 
Juha Ylitalo         juha.o.ylitalo@nokia.com         <work e-mail>
+358 40 562 6152     juha.ylitalo@iki.fi              <rest of e-mail>
"Some tools are used, because its policy, others because they are good."

signature.asc
Description: This is a digitally signed message part