Re: [midcom] SIMCO with IPSec

Stephen Lyda <Stephen.Lyda@siemens.com> Thu, 04 August 2005 15:23 UTC

Message-ID: <42F232D9.90403@siemens.com>
Date: Thu, 04 Aug 2005 10:23:05 -0500
From: Stephen Lyda <Stephen.Lyda@siemens.com>
To: Martin Stiemerling <stiemerling@netlab.nec.de>
Subject: Re: [midcom] SIMCO with IPSec
References: <42EFBCE2.2090004@siemens.com> <65660FCF57A8CFD4EFDC2DE3@wired-5-56.ietf63.ietf.org>
In-Reply-To: <65660FCF57A8CFD4EFDC2DE3@wired-5-56.ietf63.ietf.org>

Martin,

It really was not clear to me reading the latest draft that IPSec was an
option.

Thank you for the clarification.

-Stephen

Martin Stiemerling wrote:
> Hi Stephen,
> 
> --On Tuesday, 2 August 2005 13:35 -0500 Stephen Lyda
> <Stephen.Lyda@siemens.com> wrote:
> 
> | Greetings,
> |
> | I was wondering if someone could elaborate on the need for the use of
> | IPSec with the SIMCO protocol.
> |
> | If this protocol is designed to be light-weight and usable with lower
> | end middleboxes, then I do not understand why IPSec encapsulation would
> | be a firm requirement for all messages.
> |
> | For the most part, it seems to me that SIMCO messages are going to be
> | traveling on a local, firewalled, network...and not vulnerable to many
> | malicious attacks from the outside world.
> |
> | It seems SIMCO's session establishment messages would be adequate enough
> | to authenticate the SIMCO agent with the middlebox.  The middlebox would
> | also have the option to reject or select configurations set up by the
> | agent.
> 
> SIMCO works fine in all scenarios and basically there are two cases to
> distinguish:
> 
> 1) running SIMCO in an "unsafe" environment, e.g., over the
> Internet or in a local Ethernet-based network with shared links
> 2) running SIMCO in a closed/controlled environment.
> 
> You are referring to case 2). In this case there is indeed no need
> to run SIMCO over IPsec. IPsec is recommended to be used in case 1.
> However, it is up to you to decide whether you run SIMCO over IPsec
> or not.
> 
>  Martin
