
Re: Agenda for the Minneapolis meeting



At 11:22 AM 3/15/2001 -0800, Dan Harkins wrote:
>   Can you be more specific on the danger?
>
>   One problem I see with not combining the two is the trend to use
>UDP port 500 as a place to multiplex in different protocols. That is

kink and gdoi are not different protocols.  They extend IKE as the
standard allows.

Mark

>a bad thing, in my opinion. If MSEC wants to do a group DOI they should
>find a different port to do a multicast key exchange on. Part of this
>problem is compounded by the design of the SA payload in ISAKMP. The
>DOI is _inside_ the SA payload. So if there are multiple protocols
>all communicating on UDP port 500 you have to start parsing a payload
>before you find out the context under which you should parse it. Whoa!
>I think it is insane to not merge the two. We should dissuade people
>from this bad practice while things like kink and gdoi are still at
>internet-draft stage.
>
>   Dan.
>
>On Thu, 15 Mar 2001 14:04:35 EST you wrote
> >
> > I still think removing the distinction between IKE and ISAKMP is very
> > dangerous. We are only now beginning to see the benefits of separating the
> > two. With work in progress on areas like MSEC, SMPLS, Tero's KINK draft,
> > Jari's MAP DOI, I think we would be insane to merge the protocol layers at
> > this point in the game
> >
> > Andrew
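
The parsing-order point raised in the quoted message above (the DOI sits inside the SA payload, so a receiver on UDP port 500 must walk the payload chain before it knows which DOI's rules apply), shown as an added example that is not part of the original thread. Field layouts follow RFC 2408; `find_doi` and `build_sample` are hypothetical names and the sample messages are constructed.

```python
import struct

ISAKMP_HDR = struct.Struct("!8s8sBBBBII")   # RFC 2408 sec. 3.1: 28-byte fixed header
GENERIC_HDR = struct.Struct("!BBH")          # next payload, reserved, payload length
PAYLOAD_SA = 1                               # RFC 2408 payload type: Security Association
DOI_NAMES = {0: "ISAKMP (generic)", 1: "IPsec"}  # RFC 2408 / RFC 2407 values


def find_doi(datagram: bytes):
    """Return the DOI of the first SA payload in a cleartext ISAKMP message, or None."""
    if len(datagram) < ISAKMP_HDR.size:
        raise ValueError("shorter than the ISAKMP header")
    _ic, _rc, next_payload, _ver, _xchg, flags, _mid, length = ISAKMP_HDR.unpack_from(datagram)
    if length < ISAKMP_HDR.size or length > len(datagram):
        raise ValueError("header length field disagrees with datagram size")
    if flags & 0x01:
        return None  # encryption bit set: payloads cannot be read without the SA
    offset = ISAKMP_HDR.size
    # The header names no DOI, so the chain is walked until an SA payload appears.
    while next_payload != 0:
        if offset + GENERIC_HDR.size > length:
            raise ValueError("payload chain runs past end of message")
        following, _reserved, plen = GENERIC_HDR.unpack_from(datagram, offset)
        if plen < GENERIC_HDR.size or offset + plen > length:
            raise ValueError("bad payload length")
        if next_payload == PAYLOAD_SA:
            if plen < GENERIC_HDR.size + 4:
                raise ValueError("SA payload too short to carry a DOI")
            (doi,) = struct.unpack_from("!I", datagram, offset + GENERIC_HDR.size)
            return doi  # only now is the parsing context for the rest known
        next_payload, offset = following, offset + plen
    return None


def build_sample(doi: int) -> bytes:
    """Constructed message: ISAKMP header plus one SA payload (DOI + 4-byte situation)."""
    sa = GENERIC_HDR.pack(0, 0, 12) + struct.pack("!II", doi, 1)
    hdr = ISAKMP_HDR.pack(b"\x11" * 8, b"\x00" * 8, PAYLOAD_SA, 0x10, 2, 0, 0,
                          ISAKMP_HDR.size + len(sa))
    return hdr + sa


if __name__ == "__main__":
    for doi in (1, 0x7FFF0001):  # second value is a made-up DOI, for illustration only
        found = find_doi(build_sample(doi))
        print(found, DOI_NAMES.get(found, "unknown DOI: no parsing context"))
```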

