[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Modefg considered harmful

To: Michael Richardson <mcr@xxxxxxxxxxxxxxxxxxxxxx>
Subject: Re: Modefg considered harmful
From: Cheryl Madson <cmadson@xxxxxxxxx>
Date: Thu, 30 Jan 2003 17:31:31 -0800
Cc: ipsec@xxxxxxxxxxxxxxxxx
In-reply-to: <200301310100.h0V10gUL011854@marajade.sandelman.ottawa.on.c a>
References: <Your message of "Thu, 30 Jan 2003 15:09:13 PST." <>
Sender: owner-ipsec@xxxxxxxxxxxxxxxxx

At 05:00 PM 1/30/2003, Michael Richardson wrote:

-----BEGIN PGP SIGNED MESSAGE-----


>>>>> "Bernard" == Bernard Aboba <aboba@xxxxxxxxxxxxx> writes:
    Bernard> OK, I'll speak up.

    Bernard> One of the major requirements for IPSRA in choosing DHCP-based
    Bernard> configuration was so that we could move towards a single
    Bernard> configuration model for both real and virtual interfaces -- and

  Bernard, I support your reasoning for using DHCP.
  (I'd rather that we used DHCPv6 rather than RS/RA. Since DHCP is a lot
easier to secure and extend than RS/RA. But that is a different argument)

  I still do not understand why creating a ephemeral IPsec SA to carry the
DHCP traffic makes sense. I don't see that it is any easier for
bump-in-the-stack implementations, nor do I see it easier for in-stack
implementations.


I've always contended that for IKEv1 that *both* modecfg and DHCP
had the same underlying issue -- an introduction of a "special" state
into the protocol processing (either somewhat explicitly via "phase 1.5"
or implicitly via the "special phase 2 which if it happens has to happen
before any other phase 2").

In other words, I have always hated both proposals, basically as it
assumed that via some <unspecified> miracle both sides would
correctly figure out that this special phase had to happen and not
jump ahead in the state machine.

IMO we can do better with IKEv2. I don't have much opinion one way
or the other about encoding, but we need to explicitly spell it out in
any state machine. I don't care in terms of encoding one way or the
other, but this lack of determinism has to be addressed.

thx - C

] ON HUMILITY: to err is human. To moo, bovine. | firewalls [ ] Michael Richardson, Sandelman Software Works, Ottawa, ON |net architect[ ] mcr@xxxxxxxxxxxxxxxxxxxxxx http://www.sandelman.ottawa.on.ca/ |device driver[ ] panic("Just another Debian GNU/Linux using, kernel hacking, security guy"); [ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.7 (GNU/Linux) Comment: Finger me for keys
iQCVAwUBPjnKuIqHRg3pndX9AQEGywP/dRrtuNSBHGPVgiBFLYhSA1asUiFQYjZW
xGu+b/+48x/t0HwhxthBInXiqT1qWwHXf9TxuxK1RPEdpF4+A/bayl7W+bB+UH8q
4q12R+yQkVLvxprJU8VWRxc+Wduzphw9XukDj1gZrIg7MujAIe/YMArJP4LzH8b5
Sk1+sVLVoNE=
=rha4
-----END PGP SIGNATURE-----

====================================
Cheryl Madson
Core IP Engineering; Security and Services
Cisco Systems, Inc.
cmadson@xxxxxxxxx

Follow-Ups:
- RE: Modefg considered harmful
  - From: Darren Dukes
- Re: Modefg considered harmful
  - From: Geoff Keating
- Re: Modefg considered harmful
  - From: Theodore Ts'o
- Re: Modefg considered harmful
  - From: Michael Richardson

References:
- Modefg considered harmful
  - From: Bernard Aboba

Prev by Date: Re: Modefg considered harmful
Next by Date: Re: Modefg considered harmful
Previous by thread: Re: Modefg considered harmful
Next by thread: Re: Modefg considered harmful
Index(es):
- Date
- Thread