RE: CALL FOR DISCUSSION: DHCP over IKE vs Configuration Payload

[Gregory Lebovitz <Gregory@netscreen.com>]

> -----Original Message-----
> From: Bill Sommerfeld [mailto:sommerfeld@east.sun.com]
> Sent: Monday, April 14, 2003 1:03 PM
> To: Michael Thomas
> Cc: Charlie_Kaufman@notesdev.ibm.com; Theodore Ts'o;
> ipsec@lists.tislabs.com; owner-ipsec@lists.tislabs.com
> Subject: Re: CALL FOR DISCUSSION: DHCP over IKE vs 
> Configuration Payload
> 
> 
> 
> > Well, there's that too, but I get the impression
> > that config-over-IKE is pretty well ingrained so
> > trying to excise that mindset at this point is
> > pretty hopeless. Thus to my mind, lesser of evils
> > is to beg, borrow and steal and punt as much work
> > as possible to other wg's that actually care about
> > this sort of thing...
> 
> Indeed.  My sense is that configuration is not an area of expertise
> for the members of this WG, and incorporating DHCP as-is is a better
> solution than trying to reinvent a wheel here.
> 
> 					- Bill

so the problem here is that we are assuming that the world uses only DHCP to
configure, when, from all my customer contact, it seems to me that people
use DHCP on local networks, but for remote access, especially the very large
ones, they tend to use RADIUS for configuration and authentication. This is
ESPECIALLY true of all my large enterprise customers.