SORT BY:

LIST ORDER
THREAD
AUTHOR
SUBJECT


SEARCH

IPS HOME


    [Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

    IPSEC: IKE preshared keys, ID payload, and DHCP


    • To: "Ips Reflector (E-mail)" <ips@ece.cmu.edu>
    • Subject: IPSEC: IKE preshared keys, ID payload, and DHCP
    • From: "Michael Klock" <mklock@Crossroads.com>
    • Date: Tue, 11 Dec 2001 17:50:14 -0600
    • content-class: urn:content-classes:message
    • Content-Transfer-Encoding: 8bit
    • Content-Type: text/plain;charset="iso-8859-1"
    • Sender: owner-ips@ece.cmu.edu
    • Thread-Index: AcGCnpQ2ssPhFbqmSsOHbpqCy9ydJw==
    • Thread-Topic: IPSEC: IKE preshared keys, ID payload, and DHCP

    
    I searched the archives, but couldn't find a discussion directly related to this topic. Apologies if I missed one.
    
    If only the required IKE mode of preshared keys is supported and ID payloads must contain a single IP address (ips-security-06, last paragraph, page 12), how are DHCP-enabled ports handled? When setting up the preshared key, an administrator needs to know the IP address since this is what the ID payload will identify (and what is used to select the preshared key). But can't the IP address change for a DHCP-enabled port on a power cycle, or lease expiration, etc.? Is there an assumption that only ports with static IP addresses are being used?
    
    In a related vein, will the IPSec DOI definition be updated to include iSCSI names for ID payload types? I think this would remove the problem with DHCP (at least for IKE Aggressive Mode).
    
    Thanks for the help,
    Mike.
    
    Michael M. Klock
    Crossroads Systems, Inc.
    (512) 928-7292
    
    


Home

Last updated: Fri Dec 14 12:17:40 2001
8055 messages in chronological order