RE: Getting the features chart going

Stephane Beaulieu <sbeaulieu@TimeStep.com> Fri, 25 June 1999 21:05 UTC

Received: from lists.tislabs.com (portal.gw.tislabs.com [192.94.214.101]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id OAA04139; Fri, 25 Jun 1999 14:05:49 -0700 (PDT)
Received: by lists.tislabs.com (8.9.1/8.9.1) id OAA25336 Fri, 25 Jun 1999 14:44:54 -0400 (EDT)
Message-Id: <319A1C5F94C8D11192DE00805FBBADDFB8EEDB@exchange>
From: Stephane Beaulieu <sbeaulieu@TimeStep.com>
To: Glen Zorn <glennz@microsoft.com>, Stephane Beaulieu <sbeaulieu@TimeStep.com>, Paul Hoffman / VPNC <paul.hoffman@vpnc.org>, vpnc-technical@vpnc.org
Cc: ipsec <ipsec@lists.tislabs.com>, ipsra <ietf-ipsra@vpnc.org>
Subject: RE: Getting the features chart going
Date: Fri, 25 Jun 1999 14:46:38 -0400
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2232.9)
Content-Type: text/plain; charset="iso-8859-1"
Sender: owner-ipsec@lists.tislabs.com
Precedence: bulk

> The alternatives to XAUTH/ISAKMP-config of which I'm aware are documented in
> http://www.ietf.org/internet-drafts/draft-ietf-ipsec-isakmp-hybrid-auth-02.txt
> and

Again, Hybrid uses XAUTH (and implicitly ISAKMP-Config) to accomplish legacy
authentication.  It also modifies the behavior of IKE, thus making IKE more
complex.

> http://www.ietf.org/internet-drafts/draft-ietf-ipsec-dhcp-01.txt;

This is a good alternative to ISAKMP-Config.  I have a few reservations
about creating specialty phase 2 tunnels to configuration servers though.
However, it does solve the same problem as ISAKMP-Config in a pretty simple,
straightforward way, and we can surely discuss the pros and cons of both
drafts in order to attempt to arrive at a standard.

> there may be others.  The major benefits of L2TP over hacking IKE are pretty
> obvious, I think, but include _real_ interoperability, the use of
> well-understood protocols for both authentication and remote node
> configuration.  A more interesting question is why anyone would favor the
> invention of novel extensions to a protocol that is already far too complex
> over the use of widely-deployed, proven techniques.  I understand that
> firewall vendors have generally not implemented PPP, but building a basic,
> interoperable implementation of either PPP or L2TP is simple enough to be a
> college CS project.

IMHO, the introduction of ISAKMP-Config into IKE is **FAR** more simple than
implementing L2TP.