Re: IKEV2: Issue #3: DHCP vs. Configuration Payload

[Derek Atkins <derek@ihtfp.com>]

Tero Kivinen <kivinen@iki.fi> writes:

> Allowing two things to do the same thing is bad. 

I agree...

> How about the mcr's proposal of having dhcp over IKE, i.e take dhcp
> payload and put it inside the some IKE payload (we can name it to be
> configuration payload, so the configuration payload people will be
> happy too, just change the format to follow the dhcp packet). 

I see this as one of two reasonable approaches.  I'm happy with the
"tunnel DHCP in IKE" approach.  The other approach with which I'm also
happy is "use ModeCfg for IP address, then use DHCP later for
additional configuration".  The one benefit of the latter approach is
that IKE with ModeCfg is guaranteed to complete in 4/6 messages,
whereas IKE with tunneled DHCP is not.  However, I can live with
either approach.

> kivinen@ssh.fi
> SSH Communications Security                  http://www.ssh.fi/
> SSH IPSEC Toolkit                            http://www.ssh.fi/ipsec/

-derek

-- 
       Derek Atkins
       Computer and Internet Security Consultant
       derek@ihtfp.com             www.ihtfp.com