Re: Proposed Configuration payload for IKEv2

[Michael Richardson <mcr@xxxxxxxxxxxxxxxxxxxxxx>]

-----BEGIN PGP SIGNED MESSAGE-----


>>>>> "Darren" == Darren Dukes <ddukes@xxxxxxxxx> writes:
    Darren> I've never implemented draft-ietf-ipsec-dhcp-13.txt but if it works well it
    Darren> could be used for address assignment.  However there has been opposition to
    Darren> the short-lived DHCP-specific tunnel and the group that met after the
    Darren> November IETF meeting wanted something that was well understood by
    Darren> implementers, and was deployed.  CP (Configuration Payload, AKA modecfg) was
    Darren> a good fit for that.

  I still think that pushing DHCP payloads over IKE phase 1, and having the
gateway IKE either process them directly, or encapsulate them appropriately
and punt them to a DHCP server is better than these short lived tunnels with
very weird selectors.

]       ON HUMILITY: to err is human. To moo, bovine.           |  firewalls  [
]   Michael Richardson, Sandelman Software Works, Ottawa, ON    |net architect[
] mcr@xxxxxxxxxxxxxxxxxxxxxx http://www.sandelman.ottawa.on.ca/ |device driver[
] panic("Just another Debian GNU/Linux using, kernel hacking, security guy"); [
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)
Comment: Finger me for keys

iQCVAwUBPh8npoqHRg3pndX9AQGbXAQA03kRckpqEtskpDR6wohPcvTRCQeXD/h1
JHpTNtU58+xhKkLIokoqrylceAZAl/MaafMRbqGRg3tb4qXl7gALJkhv6RMDNiR2
VGt0ty9zVWWSP0dT3fa+VARLh/vJJylJrfpDHp7Ii/AyIWge6pYx/NSzGLLFSlSb
sD/dioXk7Pk=
=m0b5
-----END PGP SIGNATURE-----