
Re: Choosing between IKEv2 and JFK

There seems to be a misconception that we need IKEv1 or a design very similar
to it to do the things people consider useful. As far as I can tell, these
things include (but are probably not limited to):
 - IPSRA kinds of things
 - dead peer detection
 - error messages
 - SA deletion

The latter is in fact provided by JFK; extensive informational messages are
needed only if there are many potential reasons for protocol failure (JFK
does provide for some --- we just haven't defined 30-odd different error codes,
since they are not needed); as for remote tunnel configuration and dead
peer detection, my feeling is that they are both somewhat fuzzy issues and
that they are not necessary to include in the core protocol -- they can just
as easily be implemented as supplemental *application* protocols. This allows
for much simpler implementations and better replaceability of such components.

After all, we don't want to be changing the protocol every so often --- I
would argue that, ideally, we don't want to be changing the implementations
all that often either.

-Angelos