
RE: Configuration portion of OPEN ISSUES...



Hi Folks,

See my comments inline.



><trimmed> 
> For the record, I did not suggest DHCP-over-IKE, and I think Tero,
> Derek, and Tylor did (and maybe Pekka too). There were a number of
> others as well, including Gregory Lebovitz and Michael Richardson. For
> my part, I suggested that it should be *discussed* as one possible
> alternative, and I am glad to see that the discussion has not been
> summarily abbreviated. 
> 
> Arguably, one of the reasons we are still discussing remote access
> issues after 4 years of bickering is that the discussion process has not
> truly been open. Directives have come down from the AD's and/or the wg
> chairs without adequate open discussion of the issues and alternatives.
> Remote access has been treated as an unwanted stepchild of ipsec, when
> in fact, it is one of the primary commercial deployment scenarios for
> ipsec today.

Same opinion! I'm active in the DSL router space, and due to the fact that DSL
is unlocking bandwidth at a very cheap price/fee, we see central office LANs
constantly expanding via WAN DSL links and a churn from expensive leased
lines towards DSL. IPSec complements this move as it provides for security.
Of course some people will again say this is out of the ipsra scope ...

> 
> Everyone here who has been participating must agree that at some times,
> some topics have been off-limits - and it is not clear that this has
> been appropriate. We will only reach an agreement (which may turn out to
> be one that is distasteful in equal parts for all concerned) if the
> process is open. Clearly it must be a bounded discussion in terms of
> time, but it must be had in full regardless of its impact upon
> artificial deadlines. Even though we all want to get this behind us asap
> and move on, the discussion will never finally be closed until we all
> agree that all realistic approaches have been fairly evaluated.

Correct! The discussion on RFC3456 proves this point: some people seemed
not to be familiar with DHCP, so how can one discuss a proposal when one does
not understand the basic architecture? Of course the same applies to me: I'm
not that familiar with IPSec ;-) ...

Dirk

> 
> > One of the frustrating things about trying to determine consensus in
> > the IPSEC wg is that the consensus seems to change from week to week,
> > perhaps (in part) because some wg contributors are not reading this
> > mailing list regularly.
> 
> I think a few of us have flip-flopped or otherwise significantly altered
> our positions in the last month (or at least, I know that I have). For
> my part, it has been largely due to running out of energy, and tiring of
> the squabbling after so many years. I still have strong opinions about
> how little need there is to impact ipsec/ike with remote access
> configuration, but I am clearly in the minority, and in the interest of
> forward progress, I have demonstrated my willingness to acknowledge my
> fallibility, and to compromise and move forward. I would hope others
> would do the same, and that the comment above is not intended to
> criticize those who might do so.
> 
> Scott
> 

----------------------------------------------------------- 
As of February 12, 2003 Thomson unifies its email addresses on a worldwide
basis. Please note my new email address: dirk.vanaken@thomson.net
