Re: Configuration portion of OPEN ISSUES...

[Pekka Riikonen <priikone@iki.fi>]

:     >> I *think* everyone can live with this.  Some have expressed a desire
:     >> for other solutions (DHCP in IKE for example), but I have not heard
:     >> anyone say that the above solution is not acceptable.
:
:     Bill> You should have heard people (including myself) say that any
:     Bill> configuration scheme within IKE should reuse as much of DHCP syntax
:     Bill> and option codes as possible rather than defining a wholly new
:     Bill> parameter space.
:
:   I want to emphasis that just because one says "DHCP-over-IKE", that
: does not mean that such a system has to talk to a DHCP server. Decoding
: DHCP messages is no more difficult than radius, PPP or IKEv2. (Maybe
: a lot easier than IKEv1)
:
:   You can implement the relevant pieces in the gateway. DHCP vs modecfg
: can be just about syntax.
:
:   I will fill the state machine changes, and suggest text for dhcp-over-ike,
: but I won't bother if there is no interest.
:
I was saying that I like DHCP but it's exchange is too long IMHO for IKE.
Rather CP should just use DHCP options (RFC2132) and keep the exchange as
short as possible.  This wouldn't require clients to do DHCP client
protocol (just options encoder/decoder) and gateways could translate them
to whatever needed.  I don't know what Michael exactly meant what he
wrote, whether it was effectively this same thing or not but, I think
Michael you should update the DHCP over IKE draft to reflect your idea.

	Pekka
___________________________________________________________________________
 Pekka Riikonen                    | Email: priikone@iki.fi
 SSH Communications Security Corp. | http://iki.fi/priikone/
 Tel. +358 (0)40 580 6673          | Snellmanninkatu 34 A 15, 70100 Kuopio
 PGP KeyID A924ED4F: http://iki.fi/~priikone/pubkey.asc