[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Splitting the IPSEC-POLICY-MIB into 3 parts.




The MIB for this WG was completed a year ago, and got reviewed by one
AD and the comments were Incorporated.  But it has not been reviewed
by one of the security area ADs, and there it sat for a long time.
Part of the problem is that the size of the document was, um, large
due to the number of configuration options that IKE and IPsec require.

In the mean time, two other working groups have wanted to make use of
the security-policy/filtering mechanisms defined by the first half of
the MIB (the smallest and easiest to understand portion of the MIB).
However, these WGs were unwilling to use it unless it became a
separate document (IE, the conformance statements at the bottom of the
MIB were not understood since they specifically documented that
implementation of the IPsec portions weren't necessary to claim
conformance with the firewall/filtering quarter of the MIB).

Anyway....  In an effort to resolve these problems, the authors would
like to split the document into 3 parts.  1 part for SPD
configuration, 1 part for IPsec parameters and static SAs, and 1 part
for IKE.

The final reasoning for doing this should be obvious: it will be easy
to drop/historic the IKE portion when IKEv2 takes off.

If there are no objections to this, we'll do this and republish within
a few weeks.

Argument Summary:
+ more readable
+ more reusable
+ smaller documents
+ easy to make the IKE piece historic.

-- 
Wes Hardaker
Sparta