
RE: Modefg considered harmful




> -----Original Message-----
> From: Bill Sommerfeld [mailto:sommerfeld@east.sun.com]
> Sent: Wednesday, February 05, 2003 12:44 PM
> To: Marcus Leech
> Cc: ipsec@lists.tislabs.com
> Subject: Re: Modefg considered harmful 
> 
> 
> > Me too, but there was this issue of the large installed base of
> >   MODECFG-like things in existing implementations.  Since I'm not
> >   an implementor, I'm in the situation where I have to believe that
> >   moving away from a MODECFG-like thing is a hardship.
> 
> Except that you probably *already* have a DHCP implementation already!
> 
> I believe the correct comparison is the complexity of MODECFG vs the
> "DHCP to IPsec glue" code; the latter is likely to be significantly
> smaller than the former.
> 

The comparison probably is not fair.  Since most have MODE-CFG in their
implementation, most vendors probably have both MODECFG & DHCP code.

So the comparison is the complexity of adapting MODECFG to IKEv2 vs "DHCP to
IPsec glue" code.  The latter is much more complex and harder to get
interoperable.


> > *If* it's acceptable to discount such claimed hardship, then I have to
> >   agree with Bernard's assertion that the IPSRA-style DHCP approach is
> >   cleaner, more flexible, and in the long-term, less work.
> 
> indeed.
> 
> 					- Bill
> 
> 


=======================
Michael Shieh