Re: [midcom] SIMCO with IPSec

Martin Stiemerling <> Thu, 04 August 2005 09:05 UTC

Date: Thu, 04 Aug 2005 11:05:11 +0200
From: Martin Stiemerling <>
To: Stephen Lyda <>,
Subject: Re: [midcom] SIMCO with IPSec

Hi Stephen,

--On Tuesday, 2 August 2005 13:35 -0500 Stephen Lyda 
<> wrote:

| Greetings,
| I was wondering if someone could elaborate on the need for the use of
| IPSec with the SIMCO protocol.
| If this protocol is designed to be light-weight and usable with lower
| end middleboxes, then I do not understand why IPSec encapsulation would
| be a firm requirement for all messages.
| For the most part, it seems to me that SIMCO messages are going to be
| traveling on a local, firewalled, network...and not vulnerable to many
| malicious attacks from the outside world.
| It seems SIMCO's session establishment messages would be adequate enough
| to authenticate the SIMCO agent with the middlebox.  The middlebox would
| also have the option to reject or select configurations set up by the
| agent.

SIMCO works fine in all scenarios and basically there are two cases to 

1) running SIMCO in an "unsafe" environment, e.g., over the
Internet or in a local Ethernet-based network with shared links
2) running SIMCO in a closed/controlled environment.

You are referring to case 2). In this case there is indeed no need
to run SIMCO over IPsec. IPsec is recommended to be used in case 1.
However, it is up to you to decide whether you run SIMCO over IPsec
or not.

