RE: Getting the features chart going
Glen Zorn <glennz@microsoft.com> Fri, 25 June 1999 21:48 UTC
Received: from lists.tislabs.com (portal.gw.tislabs.com [192.94.214.101]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id OAA04424; Fri, 25 Jun 1999 14:48:44 -0700 (PDT)
Received: by lists.tislabs.com (8.9.1/8.9.1) id PAA25715 Fri, 25 Jun 1999 15:52:27 -0400 (EDT)
Message-ID: <4FD6422BE942D111908D00805F3158DF16F71920@RED-MSG-52>
From: Glen Zorn <glennz@microsoft.com>
To: Stephane Beaulieu <sbeaulieu@TimeStep.com>, Stephane Beaulieu <sbeaulieu@TimeStep.com>, Paul Hoffman / VPNC <paul.hoffman@vpnc.org>, vpnc-technical@vpnc.org
Cc: ipsec <ipsec@lists.tislabs.com>, ipsra <ietf-ipsra@vpnc.org>
Subject: RE: Getting the features chart going
Date: Fri, 25 Jun 1999 12:05:28 -0700
X-Mailer: Internet Mail Service (5.5.2448.0)
Sender: owner-ipsec@lists.tislabs.com
Precedence: bulk
Yes, I seem to have misread the hybrid auth draft. -----Original Message----- From: Stephane Beaulieu [mailto:sbeaulieu@TimeStep.com] Sent: Friday, June 25, 1999 11:47 AM To: Glen Zorn; Stephane Beaulieu; Paul Hoffman / VPNC; vpnc-technical@vpnc.org Cc: ipsec; ipsra Subject: RE: Getting the features chart going > The alternatives to XAUTH/ISAKMP-config of which I'm aware > are documented in > http://www.ietf.org/internet-drafts/draft-ietf-ipsec-isakmp-hy > brid-auth-02.t > xt and Again, Hybrid uses XAUTH (and implicitly ISAKMP-Config)to accomplish legacy authentication. It also modifies the behavior of IKE, thus making IKE more complex. > http://www.ietf.org/internet-drafts/draft-ietf-ipsec-dhcp-01.txt; This is a good alternative to ISAKMP-Config. I have a few reservations about creating specialty phase2 tunnels to configuration servers though. However, it does solve the same problem as ISAKMP-Config in a pretty simple, straightforward way and we can surely discuss the pro's and con's of both drafts in order to attempt to arrive at a standard. > there may be others. The major benefits of L2TP over hacking > IKE are pretty > obvious, I think, but include _real_ interoperability, the use of > well-understood protocols for both authentication and remote node > configuration. A more interesting question is why anyone > would favor the > invention of novel extensions to a protocol that is already > far too complex > over the use of widely-deployed, proven techniques. I understand that > firewall vendors have generally not implemented PPP, but > building a basic, > interoperable implementation of either PPP or L2TP is simple > enough to be a > college CS project. IMHO, the introduction of ISAKMP-Config into IKE is **FAR** more simple than implementing L2TP.
- RE: Getting the features chart going Stephane Beaulieu
- RE: Getting the features chart going Stephane Beaulieu
- Re: Getting the features chart going Will Price
- RE: Getting the features chart going Glen Zorn
- RE: Getting the features chart going Glen Zorn
- Re: Getting the features chart going Scott G. Kelly
- Re: Getting the features chart going Scott G. Kelly
- RE: Getting the features chart going Stephane Beaulieu
- RE: Getting the features chart going Bernard Aboba
- RE: Getting the features chart going Bernard Aboba
- RE: Getting the features chart going Bernard Aboba
- IKECFG and DHCP (was Getting the Feature Chart go… Bernard Aboba
- RE: Getting the features chart going Bernard Aboba
- RE: Getting the features chart going Stephane Beaulieu
- Re: IKECFG and DHCP (was Getting the Feature Char… Scott G. Kelly
- RE: IKECFG and DHCP (was Getting the Feature Char… Bernard Aboba