[midcom] SIMCO with IPSec

Stephen Lyda <Stephen.Lyda@siemens.com> Tue, 02 August 2005 18:35 UTC

Message-ID: <42EFBCE2.2090004@siemens.com>
Date: Tue, 02 Aug 2005 13:35:14 -0500
From: Stephen Lyda <Stephen.Lyda@siemens.com>
To: midcom@ietf.org


I was wondering if someone could elaborate on the need for the use of
IPSec with the SIMCO protocol.

If this protocol is designed to be light-weight and usable with lower
end middleboxes, then I do not understand why IPSec encapsulation would
be a firm requirement for all messages.

For the most part, it seems to me that SIMCO messages are going to be
traveling on a local, firewalled, network...and not vulnerable to many
malicious attacks from the outside world.

It seems SIMCO's session establishment messages would be adequate enough
to authenticate the SIMCO agent with the middlebox.  The middlebox would
also have the option to reject or select configurations set up by the agent.

