Security and Kea new ARM section
I propose a new section in the ARM about security and Kea with this plan:
- privileged sockets for DHCP service
- control channel using UNIX sockets
- local use of the control agent
- remote use of the control agent
There is no remote access to UNIX sockets as they are local objects. And of course if (when) we change the control agent function for instance putting the HTTP endpoint in servers this will have to be rewritten.
The document is being created here: https://gitlab.isc.org/isc-projects/kea/-/wikis/security.
To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information