メインコンテンツまでスキップ

5. Security Considerations

この節では DHCPv4 over DHCPv6 with Relay Agent support の RFC 原文を保持し, relay behavior, topology-discovery diagrams, deployment notes, security considerations, IANA status を含めます.

5.  Security Considerations

This document specifies the applicability of DHCP 4o6 in a scenario
where legacy IPv4 clients are connected to DHCP 4o6 Relay Agents that
perform the encapsulation and decapsulation. This document does not
change anything else in the DHCP 4o6 specification [RFC7341];
therefore, the security considerations of that document still apply.
Specifically, since the legacy IPv4 client is not aware of the
encapsulation and decapsulation, 4o6RA has to provide the protections
that are specified in the security considerations in Section 12 of
[RFC7341].

The mechanisms defined here differ from [RFC7341] as they allow the
DHCP client to send and receive DHCPv4 messages, whereas in
[RFC7341], the client only sends DHCPv6 messages. This makes it
possible that in improperly configured networks where the client is
located on the same Layer 2 scope of a DHCPv4 server, DHCPv4 messages
could reach a DHCPv4 server without using the 4o6RA. While this can
cause erroneous state in both clients and servers and potentially
even lead to misconfigurations that impact reachability, this is seen
as a deployment error rather than a security concern. Further, even
though this mechanism may be used for attacks from within the
network, this is not a new concern introduced by this specification.

More generally, legacy IPv4 clients are not aware of this mechanism;
however, even when DHCP 4o6 is used, the client does not have any
control about the information provided by the Relay Agent. As such,
this change does not raise any additional security concerns.