comments on ...isakmp-mode-cfg-02

"Scott G. Kelly" <skelly@redcreek.com> Fri, 13 March 1998 20:51 UTC

Received: (from majordom@localhost) by portal.ex.tis.com (8.8.2/8.8.2) id PAA11958 for ipsec-outgoing; Fri, 13 Mar 1998 15:51:04 -0500 (EST)
Message-ID: <35099F6F.45455058@redcreek.com>
Date: Fri, 13 Mar 1998 13:04:47 -0800
From: "Scott G. Kelly" <skelly@redcreek.com>
Organization: RedCreek Communications
X-Mailer: Mozilla 4.04 [en] (Win95; I)
MIME-Version: 1.0
To: ipsec@tis.com
Subject: comments on ...isakmp-mode-cfg-02
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Sender: owner-ipsec@ex.tis.com
Precedence: bulk

I have a few comments on draft-ietf-ipsec-isakmp-mode-cfg-02.txt. I am
not prepared to comment regarding the usefulness of the proposed
functionality. Rather, I'll confine my comments to the mechanism
proposed for adding the suggested functionality, i.e. piggy-backing
'configuration' messages onto the notify payload.

While such configuration messages might be useful, this is *not* the
best way to add them, and in fact, it looks like a hack. The notify
messages have been defined for one-way communication of status
information, while the configuration exchange being proposed is actually
a 2-way negotiation. Why not suggest a new payload type for this? 

I won't go into all the specific and obvious arguments against the
suggested payload overloading, as I believe these are self-evident. I
will, however, point out that the ISAKMP-09 draft contains the following
text on page 70:

'Because the Informational Exchange with a Notification payload is a 
unidirectional message a retransmission will not be performed...'

It appears that the design intent is for one-way (unidirectional) usage,
while the configuration mode suggested clearly requires bidirectional
communication...

Scott