Re: [midcom] SIMCO with IPSec
Stephen Lyda <Stephen.Lyda@siemens.com> Thu, 04 August 2005 15:23 UTC
Message-ID: <42F232D9.90403@siemens.com>
Date: Thu, 04 Aug 2005 10:23:05 -0500
From: Stephen Lyda <Stephen.Lyda@siemens.com>
To: Martin Stiemerling <stiemerling@netlab.nec.de>
Subject: Re: [midcom] SIMCO with IPSec
Cc: midcom@ietf.org

Martin,

It really was not clear to me reading the latest draft that IPSec was an
option. Thank you for the clarification.

-Stephen

Martin Stiemerling wrote:
> Hi Stephen,
>
> --On Tuesday, 2 August 2005 13:35 -0500 Stephen Lyda
> <Stephen.Lyda@siemens.com> wrote:
>
> | Greetings,
> |
> | I was wondering if someone could elaborate on the need for the use of
> | IPSec with the SIMCO protocol.
> |
> | If this protocol is designed to be light-weight and usable with lower
> | end middleboxes, then I do not understand why IPSec encapsulation would
> | be a firm requirement for all messages.
> |
> | For the most part, it seems to me that SIMCO messages are going to be
> | traveling on a local, firewalled, network...and not vulnerable to many
> | malicious attacks from the outside world.
> |
> | It seems SIMCO's session establishment messages would be adequate enough
> | to authenticate the SIMCO agent with the middlebox. The middlebox would
> | also have the option to reject or select configurations set up by the
> | agent.
>
> SIMCO works fine in all scenarios and basically there are two cases to
> distinguish:
>
> 1) running SIMCO in an "unsafe" environment, e.g., over the
>    Internet or in local Ethernet-based network with shared links
> 2) running SIMCO in a closed/controlled environment.
>
> You are referring to case 2). In this case there is indeed no need
> to run SIMCO over IPsec. IPsec is recommended to be used in case 1.
> However, it is up to you to decide whether you run SIMCO over IPsec
> or not.
>
>   Martin