
Re: Agenda for the Minneapolis meeting



  Can you be more specific on the danger?

  One problem I see with not combining the two is the trend to use
UDP port 500 as a place to multiplex in different protocols. That is
a bad thing, in my opinion. If MSEC wants to do a group DOI they should
find a different port to do a multicast key exchange on. Part of this
problem is compounded by the design of the SA payload in ISAKMP. The
DOI is _inside_ the SA payload. So if there are multiple protocols
all communicating on UDP port 500 you have to start parsing a payload
before you find out the context under which you should parse it. Whoa!
I think it is insane to not merge the two. We should dissuade people
from this bad practice while things like kink and gdoi are still at
internet-draft stage.

  Dan.

On Thu, 15 Mar 2001 14:04:35 EST you wrote
>
> I still think removing the distinction between IKE and ISAKMP is very
> dangerous. We are only now beginning to see the benefits of separating the
> two. With work in progress on areas like MSEC, SMPLS, Tero's KINK draft,
> Jari's MAP DOI, I think we would be insane to merge the protocol layers at
> this point in the game.
> 
> Andrew
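
Added example, not part of the original message: a minimal Python parser following the RFC 2408 header layout, showing that a listener on UDP port 500 must decode the 28-byte ISAKMP header and the SA payload's generic header before the DOI becomes readable. The function names and the sample message built by `build_message` are constructed for illustration.

```python
import struct

ISAKMP_HDR = struct.Struct("!8s8sBBBBII")  # RFC 2408 header: cookies, next payload,
                                           # version, exchange, flags, msg ID, length
GENERIC_HDR = struct.Struct("!BBH")        # next payload, reserved, payload length
PAYLOAD_SA = 1                             # SA payload type (RFC 2408)
DOI_IPSEC = 1                              # IPsec DOI (RFC 2407)


def doi_of_first_sa(datagram: bytes) -> int:
    """Return the DOI of the first SA payload, or raise ValueError."""
    if len(datagram) < ISAKMP_HDR.size:
        raise ValueError("shorter than an ISAKMP header")
    _, _, next_payload, _, _, flags, _, length = ISAKMP_HDR.unpack_from(datagram)
    if length != len(datagram):
        raise ValueError("header length does not match datagram")
    if flags & 0x01:  # encryption bit: payloads are opaque without the keys
        raise ValueError("encrypted: payloads not readable")
    offset = ISAKMP_HDR.size
    while next_payload != 0:
        if offset + GENERIC_HDR.size > length:
            raise ValueError("truncated payload header")
        following, _, plen = GENERIC_HDR.unpack_from(datagram, offset)
        if plen < GENERIC_HDR.size or offset + plen > length:
            raise ValueError("bad payload length")
        if next_payload == PAYLOAD_SA:
            if plen < GENERIC_HDR.size + 4:
                raise ValueError("SA payload too short for a DOI")
            # Only here, inside the payload, does the parsing context appear.
            (doi,) = struct.unpack_from("!I", datagram, offset + GENERIC_HDR.size)
            return doi
        next_payload, offset = following, offset + plen
    raise ValueError("no SA payload")


def build_message(doi: int) -> bytes:
    """Constructed sample: header plus one SA payload with a 4-byte situation."""
    sa_body = struct.pack("!II", doi, 1)
    sa = GENERIC_HDR.pack(0, 0, GENERIC_HDR.size + len(sa_body)) + sa_body
    hdr = ISAKMP_HDR.pack(b"\x11" * 8, b"\x00" * 8, PAYLOAD_SA, 0x10, 2, 0, 0,
                          ISAKMP_HDR.size + len(sa))
    return hdr + sa


if __name__ == "__main__":
    for doi in (DOI_IPSEC, 0x7FFF0001):  # second value is a made-up DOI
        print(hex(doi_of_first_sa(build_message(doi))))
```

In the sample message the DOI sits at byte offset 32, after everything a demultiplexer would already have had to interpret as ISAKMP.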

