[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Modefg considered harmful



> Me too, but there was this issue of the large installed base of
>   MODECFG-like things in existing implementations.  Since I'm not
>   an implementor, I'm in the situation where I have to believe that
>   moving away from a MODECFG-like thing is a hardship.

Except that you probably *already* have a DHCP implementation already!

I believe the correct comparison is the complexity of MODECFG vs the
"DHCP to IPsec glue" code; the latter is likely to be significantly
smaller than the former.

> *If* it's acceptablet to discount such claimed hardship, then I have to
>   agree with Bernards assertion that the IPSRA-style DHCP approach is
>   cleaner, more flexible, and in the long-term, less work.

indeed.

					- Bill