Re: Agenda for the Minneapolis meeting
At 11:22 AM 3/15/2001 -0800, Dan Harkins wrote:
> Can you be more specific on the danger?
>
> One problem I see with not combining the two is the trend to use
>UDP port 500 as a place to multiplex in different protocols. That is

kink and gdoi are not different protocols. They extend IKE as the
standard allows.
Mark

>a bad thing, in my opinion. If MSEC wants to do a group DOI they should
>find a different port to do a multicast key exchange on. Part of this
>problem is compounded by the design of the SA payload in ISAKMP. The
>DOI is _inside_ the SA payload. So if there are multiple protocols
>all communicating on UDP port 500 you have to start parsing a payload
>before you find out the context under which you should parse it. Whoa!
>I think it is insane to not merge the two. We should dissuade people
>from this bad practice while things like kink and gdoi are still at
>internet-draft stage.
>
> Dan.
>
>On Thu, 15 Mar 2001 14:04:35 EST you wrote
> >
> > I still think removing the distinction between IKE and ISAKMP is very
> > dangerous. We are only now beginning to see the benefits of separating the
> > two. With work in progress on areas like MSEC, SMPLS, Tero's KINK draft,
> > Jari's MAP DOI, I think we would be insane to merge the protocol layers at
> > this point in the game
> >
> > Andrew
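
The layout point raised in the quoted text above (the DOI sits inside the SA payload), as an added example that is not part of the original thread: a receiver on UDP port 500 has to validate the 28-byte ISAKMP header and the SA payload's generic header before it can read the DOI at byte offset 32. Field layout follows RFC 2408; the function names and the sample datagrams are constructed for illustration.

```python
import struct

ISAKMP_HDR = struct.Struct("!8s8sBBBBII")  # RFC 2408 section 3.1: 28 bytes
SA_FIXED = struct.Struct("!BBHI")          # next payload, reserved, length, DOI
PAYLOAD_SA = 1                             # RFC 2408 payload type for SA
DOI_NAMES = {0: "ISAKMP (generic)", 1: "IPsec DOI (RFC 2407)"}


def doi_of_first_sa(datagram: bytes):
    """Return (doi, byte_offset_of_doi) when the first payload is an SA.

    Raises ValueError on truncated or inconsistent input, so a
    demultiplexer never dispatches on bytes it has not validated.
    """
    if len(datagram) < ISAKMP_HDR.size:
        raise ValueError("shorter than the ISAKMP header")
    (_icookie, _rcookie, next_payload, _version, _exchange,
     _flags, _msg_id, length) = ISAKMP_HDR.unpack_from(datagram)
    if length != len(datagram):
        raise ValueError("header length does not match datagram size")
    if next_payload != PAYLOAD_SA:
        raise ValueError("first payload is not an SA; no DOI to read yet")
    offset = ISAKMP_HDR.size
    if len(datagram) < offset + SA_FIXED.size:
        raise ValueError("SA payload truncated before the DOI field")
    _np, _reserved, sa_len, doi = SA_FIXED.unpack_from(datagram, offset)
    if sa_len < SA_FIXED.size or offset + sa_len > length:
        raise ValueError("SA payload length out of bounds")
    return doi, offset + 4  # DOI follows the 4-byte generic payload header


def build_sample(doi: int) -> bytes:
    """Constructed sample: header plus an SA payload with a 4-byte situation."""
    sa = SA_FIXED.pack(0, 0, SA_FIXED.size + 4, doi) + b"\x00\x00\x00\x01"
    hdr = ISAKMP_HDR.pack(b"I" * 8, b"\x00" * 8, PAYLOAD_SA, 0x10, 2, 0, 0,
                          ISAKMP_HDR.size + len(sa))
    return hdr + sa


def describe(datagram: bytes) -> str:
    doi, off = doi_of_first_sa(datagram)
    return f"DOI {doi} at byte offset {off}: {DOI_NAMES.get(doi, 'unknown DOI')}"


if __name__ == "__main__":
    print(describe(build_sample(1)))
    print(describe(build_sample(0xFFFF)))  # constructed value, not an assigned DOI
```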