5.1 Security Considerations for Implementers

DHCP servers implementing this specification can implement TLS security as described in [IETF-DHCPFOP-12] section 11.2.

DHCP failover messages between the failover partners are authenticated through the use of a shared secret provided to both partners. The message digest calculated by using HMAC [RFC2104] in combination with the SHA-256<13> interactive cryptographic hash function is included in every message.

If any message is received that does not contain the message digest option, it is dropped and the TCP connection with the partner is closed.