[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: IPSEC and ISAKMP MIBs

To: "Ruchir Malhotra" <ruchir@broadpac.com>, "'Ricky Charlet'" <rcharlet@redcreek.com>, "Shriver, John" <john.shriver@intel.com>, "Ipsec (E-mail)" <ipsec@lists.tislabs.com>
Subject: Re: IPSEC and ISAKMP MIBs
From: "Jari Arkko" <jari.arkko@kolumbus.fi>
Date: Wed, 2 Aug 2000 08:59:53 +0300
Sender: owner-ipsec@lists.tislabs.com


> configuration rather stresses the expressive capabilities of SNMP, to say
> the least.  COPS-PR is probably a much better way to configure IPsec than
> SNMP.


Personally, I don't think the representation mechanisms are the issue. There are
several MIBs for configuring IPsec though they are private, we have one too. It
is possible, though there is no getting around the fact that IPsec configuration
is complicated.

But: If we would actually get down to discussing the MIB or the PIB or the
whatever for configuring IPsec, I believe we'd see many arguments exactly
how the policies etc. are to be represented and exactly what can be configured,
which parameters are mandatory for all implementations, at what level the configurations
are presented and so on. Much more discussions than in the case of the monitoring
MIBs, which have been redesigned multiple times.

It would be interesting to compare the configuration MIB approach and the IPsec
policy WG approach. If the latter reaches a consensus on a schema for IPsec policy,
perhaps the same schema could be represented in multiple ways, as an LDAP database,
as a textual language, as COPS PIB, as an SNMP MIB, ...?

Jari Arkko
Ericsson

Follow-Ups:

Re: IPSEC and ISAKMP MIBs

From: "Luis A. Sanchez" <lsanchez@bbn.com>

Prev by Date: Kerberized Key Management Protocol BOF, Wed, Aug 2, 0900-1130
Next by Date: Re: VPN Bakeoff question
Prev by thread: RE: IPSEC and ISAKMP MIBs
Next by thread: Re: IPSEC and ISAKMP MIBs
Index(es):
- Main
- Thread