Dynamic Host Configuration
The draft Authentication for DHCP Messages, [56], defines two simple mechanisms for authentication in DHCP. One of them, Protocol DHCP-delayed (16), the Delayed Authentication method, combined with the Key Management Technique defined in the Appendix of [56] should be enough to secure against the common DHCP threat model, in particular, the establishment of "rogue" DHCP servers with the intent of providing incorrect configuration information to the client.
Protocol DHCP-delayed should provide Authentication, Secrecy and Replay Protection (G1,2,3,12).