[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: Splitting the IPSEC-POLICY-MIB into 3 parts.
Makes sense to me
Bert
> -----Original Message-----
> From: Wes Hardaker [mailto:hardaker@xxxxxxxxxxx]
> Sent: maandag 10 november 2003 23:27
> To: ipsec-policy@xxxxxxxx
> Subject: Splitting the IPSEC-POLICY-MIB into 3 parts.
>
>
>
>
> The MIB for this WG was completed a year ago, and got reviewed by one
> AD and the comments were Incorporated. But it has not been reviewed
> by one of the security area ADs, and there it sat for a long time.
> Part of the problem is that the size of the document was, um, large
> due to the number of configuration options that IKE and IPsec require.
>
> In the mean time, two other working groups have wanted to make use of
> the security-policy/filtering mechanisms defined by the first half of
> the MIB (the smallest and easiest to understand portion of the MIB).
> However, these WGs were unwilling to use it unless it became a
> separate document (IE, the conformance statements at the bottom of the
> MIB were not understood since they specifically documented that
> implementation of the IPsec portions weren't necessary to claim
> conformance with the firewall/filtering quarter of the MIB).
>
> Anyway.... In an effort to resolve these problems, the authors would
> like to split the document into 3 parts. 1 part for SPD
> configuration, 1 part for IPsec parameters and static SAs, and 1 part
> for IKE.
>
> The final reasoning for doing this should be obvious: it will be easy
> to drop/historic the IKE portion when IKEv2 takes off.
>
> If there are no objections to this, we'll do this and republish within
> a few weeks.
>
> Argument Summary:
> + more readable
> + more reusable
> + smaller documents
> + easy to make the IKE piece historic.
>
> --
> Wes Hardaker
> Sparta
>