[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: temp-draft-lebovitz-ipsec-scalable-ikev2cp-00.txt [WAS: Configuration portion of OPEN ISSUES...]

To: "Yoav Nir" <ynir@CheckPoint.com>, <ipsec@lists.tislabs.com>
Subject: RE: temp-draft-lebovitz-ipsec-scalable-ikev2cp-00.txt [WAS: Configuration portion of OPEN ISSUES...]
From: "Darren Dukes" <ddukes@cisco.com>
Date: Wed, 5 Mar 2003 13:44:45 -0500
Importance: Normal
In-Reply-To: <007301c2e2f6$d3b630c0$292e1dc2@YnirNew>
Reply-To: <ddukes@cisco.com>
Sender: owner-ipsec@lists.tislabs.com

MUST to SHOULD - Done

"Act as a relay agent", does this mean
1 - an RFC3456 relay (snooping yiaddr, inject packets into ipsec flows)
2 - a relay that provides is used by the DHCP clients on the IRAS which I
mention in the draft as a todo item?

I'm guessing #2, which I'm writing the text for now.

Thanks.
  Darren

> -----Original Message-----
> From: owner-ipsec@lists.tislabs.com
> [mailto:owner-ipsec@lists.tislabs.com]On Behalf Of Yoav Nir
> Sent: Wednesday, March 05, 2003 4:09 AM
> To: ipsec@lists.tislabs.com
> Subject: RE: temp-draft-lebovitz-ipsec-scalable-ikev2cp-00.txt [WAS:
> Configuration portion of OPEN ISSUES...]
>
>
> Hi Darren and Gregory
>
> From your draft:
>
> "The htype MUST be set to 31 so the DHCP server can distinguish..."
>
> Your draft mandates the use of htype 31 when contacting a DHCP
> server.  This
> would work if all DHCP servers in the world supported the IPsec tunnel
> option.  In fact many don't.  I suggest that the MUST in the
> above sentence
> be changed to SHOULD, and that an option be added for gateways to act as
> DHCP relay agents.
>
> Yoav
>
> -----Original Message-----
> From: owner-ipsec@lists.tislabs.com
> [mailto:owner-ipsec@lists.tislabs.com]On Behalf Of Darren Dukes
> Sent: Tuesday, March 04, 2003 8:04 PM
> To: ipsec@lists.tislabs.com
> Subject: temp-draft-lebovitz-ipsec-scalable-ikev2cp-00.txt [WAS:
> Configuration portion of OPEN ISSUES...]
>
>
> > -----Original Message-----
> > From: Gregory Lebovitz [mailto:Gregory@netscreen.com]
> > Sent: Wednesday, February 26, 2003 12:38 PM
> <SNIP>
> >
> > Or maybe:
> >  * Keep configuration payload, and show (possibly in Appendix or another
> > document) how it works with various backend config servers, i.e. DHCP,
> > RADIUS, LDAP.
> >
> > BTW, Darren Dukes and I are working right now on some text for
> this. Stay
> > tuned.
>
> We've spent the last several days in a bit of a mad dash to get this
> description of Configuration Payloads back ended by DHCPv4 and RADIUS
> fleshed out and to the list while the configuration discussion still has
> legs.  The descriptions of how CP can work with backend config servers is
> about 90% complete and will be cleaned up and more completely fleshed out
> over the next week.  Any suggestions, comments, questions, or answers to
> questions in the draft can be sent directly to the authors or to the ipsec
> list.
>
> Since we missed the cutoff date for new drafts Paul Hoffman/VPNC has
> temporarily hosted the draft.  You can get it here:
> <http://www.vpnc.org/temp-draft-lebovitz-ipsec-scalable-ikev2cp-00.txt>
>
> There are many stray extended ASCII characters that made their
> way into this
> revision, they'll be scrubbed out when the next revision is posted.
>
> Darren Dukes and Gregory Lebovitz
>
>

References:
- RE: temp-draft-lebovitz-ipsec-scalable-ikev2cp-00.txt [WAS: Configuration portion of OPEN ISSUES...]
  - From: "Yoav Nir" <ynir@CheckPoint.com>

Prev by Date: RE: QoS and IKEv2
Next by Date: Auth Method
Prev by thread: RE: temp-draft-lebovitz-ipsec-scalable-ikev2cp-00.txt [WAS: Configuration portion of OPEN ISSUES...]
Next by thread: Clarification re: new versions of AH and ESP
Index(es):
- Date
- Thread