
comments on ...isakmp-mode-cfg-02
I have a few comments on draft-ietf-ipsec-isakmp-mode-cfg-02.txt. I am
not prepared to comment regarding the usefulness of the proposed
functionality. Rather, I'll confine my comments to the mechanism
proposed for adding the suggested functionality, i.e. piggy-backing
'configuration' messages onto the notify payload.

While such configuration messages might be useful, this is *not* the
best way to add them, and in fact, it looks like a hack. The notify
messages have been defined for one-way communication of status
information, while the configuration exchange being proposed is actually
a 2-way negotiation. Why not suggest a new payload type for this?

I won't go into all the specific and obvious arguments against the
suggested payload overloading, as I believe these are self-evident. I
will, however, point out that the ISAKMP-09 draft contains the following
text on page 70:

'Because the Informational Exchange with a Notification payload is a
unidirectional message a retransmission will not be performed...'

It appears that the design intent is for one-way (unidirectional) usage,
while the configuration mode suggested clearly requires bidirectional
communication...

Scott
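As an added illustration of the payload the post is arguing about (this is example code, not part of the original message or of either draft), the following Python encodes and decodes an ISAKMP Informational Exchange carrying Notification payloads, using the wire formats of RFC 2408, the published successor of the ISAKMP-09 draft cited above. The cookies, message ID and notification data are constructed sample values. Walking through the format shows the point being made: the Notification payload carries a DOI, protocol, SPI, a type code and opaque data, and nothing else; the only correlation between two Informational messages is the header's Message ID, and the exchange type itself has no reply or retransmission semantics.

```python
"""Encode and decode an ISAKMP Informational Exchange that carries
Notification payloads (RFC 2408 wire formats).  Constructed example:
the cookies, message ID and notification contents below are made up."""
import struct
from dataclasses import dataclass

# ISAKMP header (RFC 2408 s3.1): I-cookie(8) R-cookie(8) next-payload(1)
# version(1) exchange-type(1) flags(1) message-id(4) length(4)
ISAKMP_HDR = struct.Struct("!8s8sBBBBII")
# Generic payload header (s3.2): next-payload(1) reserved(1) payload-length(2)
GEN_HDR = struct.Struct("!BBH")
# Fixed part of the Notification payload (s3.14):
# DOI(4) protocol-id(1) SPI-size(1) notify-message-type(2)
NOTIFY_FIXED = struct.Struct("!IBBH")

PAYLOAD_NONE = 0
PAYLOAD_NOTIFICATION = 11
EXCHANGE_INFORMATIONAL = 5
ISAKMP_VERSION = 0x10  # major 1, minor 0


@dataclass
class Notification:
    doi: int
    protocol_id: int
    spi: bytes
    notify_type: int
    data: bytes = b""  # opaque notification data; no ack or transaction field


@dataclass
class Header:
    icookie: bytes
    rcookie: bytes
    exchange_type: int
    flags: int
    message_id: int
    length: int


def notify_class(notify_type: int) -> str:
    """Classify a Notify Message Type by the ranges in RFC 2408 s3.14.1."""
    t = notify_type
    if 1 <= t <= 8191:
        return "error"
    if 8192 <= t <= 16383:
        return "error (private use)"
    if 16384 <= t <= 24575:
        return "status"
    if 24576 <= t <= 32767:
        return "status (DOI-specific)"
    if 32768 <= t <= 40959:
        return "status (private use)"
    return "reserved"


def build_notification(n: Notification, next_payload: int = PAYLOAD_NONE) -> bytes:
    if len(n.spi) > 255:
        raise ValueError("SPI size field is one byte")
    body = NOTIFY_FIXED.pack(n.doi, n.protocol_id, len(n.spi), n.notify_type)
    body += n.spi + n.data
    return GEN_HDR.pack(next_payload, 0, GEN_HDR.size + len(body)) + body


def parse_notification(buf: bytes, offset: int):
    """Return (Notification, next_payload, end_offset); ValueError if malformed."""
    if offset + GEN_HDR.size > len(buf):
        raise ValueError("truncated payload header")
    next_payload, reserved, length = GEN_HDR.unpack_from(buf, offset)
    end = offset + length
    if reserved != 0 or length < GEN_HDR.size + NOTIFY_FIXED.size or end > len(buf):
        raise ValueError("bad payload length or reserved byte")
    doi, proto, spi_size, ntype = NOTIFY_FIXED.unpack_from(buf, offset + GEN_HDR.size)
    pos = offset + GEN_HDR.size + NOTIFY_FIXED.size
    if pos + spi_size > end:
        raise ValueError("SPI runs past end of payload")
    spi = buf[pos:pos + spi_size]
    data = buf[pos + spi_size:end]
    return Notification(doi, proto, spi, ntype, data), next_payload, end


def build_informational(icookie: bytes, rcookie: bytes, message_id: int,
                        notifications: list) -> bytes:
    """One Informational Exchange message: header followed by a payload chain."""
    payloads = b""
    for i, n in enumerate(notifications):
        nxt = PAYLOAD_NOTIFICATION if i + 1 < len(notifications) else PAYLOAD_NONE
        payloads += build_notification(n, nxt)
    first = PAYLOAD_NOTIFICATION if notifications else PAYLOAD_NONE
    hdr = ISAKMP_HDR.pack(icookie, rcookie, first, ISAKMP_VERSION,
                          EXCHANGE_INFORMATIONAL, 0, message_id,
                          ISAKMP_HDR.size + len(payloads))
    return hdr + payloads


def parse_informational(buf: bytes):
    """Return (Header, [Notification, ...]); strict about lengths and chaining."""
    if len(buf) < ISAKMP_HDR.size:
        raise ValueError("truncated ISAKMP header")
    ic, rc, nxt, ver, exch, flags, mid, length = ISAKMP_HDR.unpack_from(buf, 0)
    if length != len(buf) or exch != EXCHANGE_INFORMATIONAL or ver != ISAKMP_VERSION:
        raise ValueError("bad length, version or exchange type")
    notes = []
    offset = ISAKMP_HDR.size
    while nxt != PAYLOAD_NONE:
        if nxt != PAYLOAD_NOTIFICATION:
            raise ValueError("only Notification payloads are handled here")
        n, nxt, offset = parse_notification(buf, offset)
        notes.append(n)
    if offset != length:
        raise ValueError("trailing bytes after last payload")
    return Header(ic, rc, exch, flags, mid, length), notes


if __name__ == "__main__":
    # Constructed sample: an INITIAL-CONTACT (24578, IPsec DOI status) and a
    # CONNECTED (16384) with a made-up SPI.
    msg = build_informational(b"\x01" * 8, b"\x02" * 8, 0x1234, [
        Notification(doi=1, protocol_id=1, spi=b"", notify_type=24578),
        Notification(doi=1, protocol_id=3, spi=b"\xde\xad\xbe\xef",
                     notify_type=16384, data=b"\x01\x02"),
    ])
    hdr, notes = parse_informational(msg)
    for n in notes:
        print(hex(hdr.message_id), n.notify_type, notify_class(n.notify_type), n.data)
```

The parser is deliberately strict (reserved byte, payload length, SPI bound, trailing bytes) because Notification payloads arrive in plaintext on UDP 500 before any SA exists, so a monitoring tool or a responder should treat every length field as untrusted. Note that neither the header nor the payload gives a receiver any way to tell "a request I must answer" from "a status report I may ignore"; that distinction would have to be invented on top of the type code, which is the overloading the post objects to.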