Re: dhcp/modecfg summary





>>>>> "Scott" == Scott G Kelly <scott@bstormnetworks.com> writes:
    Scott> - some folks seem to imply that remote access entails only a pc
    Scott> connected to the target network over the internet; in fact, many
    Scott> telecommuter applications involve a personal sgw at the remote
    Scott> end, with a small network behind it - this should not be ignored
    Scott> in evaluating prospective mechanisms.

  This is small office VPN to me, not a road warrior. 
  Unless you claim that it moves around, it is really a different situation
than RW. If you claim that it is in scope, then so are all "VPN"s.

    Scott> - one stated aim of this wg in redesigning IKE has been to
    Scott> minimize impact on ike, to not add anything which is not

  I want to emphasize that while we want to minimize impact on ike, we are
changing that piece. We want *ZERO* impact on RFC2401 if possible. We may add
(i.e. AES being a MUST) to 2401bis, but I think that IKEv2 should assume that
IPsec is implemented in some piece of silicon and can't be changed.

    Scott> required. If we stick to this position, this seems to imply that
    Scott> dhcp support will be required regardless (via dhcp inform and
    Scott> relay), unless we actually intend to expand modecfg2 to encompass

  I agree.

  To me, the only question is: DHCP over IPsec vs DHCP over IKE.
  DHCP over IKE basically looks just like modecfg.

  Thank you very much for the summary.

]       ON HUMILITY: to err is human. To moo, bovine.           |  firewalls  [
]   Michael Richardson, Sandelman Software Works, Ottawa, ON    |net architect[
] mcr@sandelman.ottawa.on.ca http://www.sandelman.ottawa.on.ca/ |device driver[
] panic("Just another Debian GNU/Linux using, kernel hacking, security guy"); [