
RE: Configuration portion of OPEN ISSUES...



Seems like we're converging again... :-)

It is about syntax, but there are disadvantages to using DHCP.  Decoding
DHCP messages is not difficult.  One problem with it is that DHCP packets
are considerably longer than Config payloads.  With all the payloads we
already have, it is always a good idea to reduce the size of the packets.

I am in favor of Config Payloads as they are specified in -05 and as
implemented by some vendors.  Further configuration using DHCP is OK, if
needed, but does not affect the IKE protocol.

Yoav Nir

-----Original Message-----
From: owner-ipsec@lists.tislabs.com
[mailto:owner-ipsec@lists.tislabs.com]On Behalf Of Michael Richardson
Subject: Re: Configuration portion of OPEN ISSUES...


  I want to emphasize that just because one says "DHCP-over-IKE", that
does not mean that such a system has to talk to a DHCP server. Decoding
DHCP messages is no more difficult than radius, PPP or IKEv2. (Maybe
a lot easier than IKEv1)

  You can implement the relevant pieces in the gateway. DHCP vs modecfg
can be just about syntax.

  I will fill the state machine changes, and suggest text for dhcp-over-ike,
but I won't bother if there is no interest.

]       ON HUMILITY: to err is human. To moo, bovine.           |  firewalls  [
]   Michael Richardson, Sandelman Software Works, Ottawa, ON    |net architect[
] mcr@sandelman.ottawa.on.ca http://www.sandelman.ottawa.on.ca/ |device driver[
] panic("Just another Debian GNU/Linux using, kernel hacking, security guy"); [


==========================================================================================
The opinions expressed here are my own and do not necessarily reflect those of my employer