Re: [IPsec] Comments on proposed draft-ietf-ipsecme-ad-vpn-problem-02

Vishwas Manral <vishwas.ietf@gmail.com> Fri, 14 December 2012 22:09 UTC

Date: Fri, 14 Dec 2012 14:09:31 -0800
From: Vishwas Manral <vishwas.ietf@gmail.com>
To: Brian Weis <bew@cisco.com>
Cc: "vishwas.manral@hp.com" <vishwas.manral@hp.com>, ipsec@ietf.org, Stephen Hanna <shanna@juniper.net>, Lou Berger <lberger@labn.net>
Subject: Re: [IPsec] Comments on proposed draft-ietf-ipsecme-ad-vpn-problem-02

Hi Brian/Lou,

So as a resolution for this, the only change required would be replacing
the requirement to:

There is also the case when L3VPNs operate over IPsec Tunnels, for example
Provider Edge (PE) based VPN's. An ADVPN MUST support L3VPN as an
application protected by the IPsec Tunnels.

I can do that now and post the new version of the draft across.

Thanks,
Vishwas
=====================================================
On Fri, Dec 14, 2012 at 1:56 PM, Brian Weis <bew@cisco.com> wrote:

> Hi Lou,
>
> On Dec 14, 2012, at 10:15 AM, Lou Berger <lberger@labn.net> wrote:
>
> > Brian,
> >       Oops, should have replied to this message (and not the prior).
> >
> > My previous mail basically said the new requirement is placed on the
> > ADVPN solution, not a particular implementation.  I think it's important
> > to ensure that the overall solution provides for Requirement 14, and I'm
> > not sure how this can be done without a requirement.
>
> If I understand correctly, these requirements are intending to be relevant
> to "ADVPN solutions" that don't include network infrastructure. It doesn't
> make sense to me to make an "ADVPN solution" implemented on PCs and
> comprised exclusively of PCs subject to this as a general requirement.
>
> All other MUST requirements in Section 4 seem to apply equally to all use
> cases.
>
> >
> > See below for additional specific responses.
>
> [snip]
>
> >> Lou, would something like the following text in Section 2.2 be a
> >> satisfactory replacement for Requirement 14?
> >>
> >>    There is also the case when L3VPNs operate over IPsec Tunnels,
> >>    for example Provider Edge (PE) based VPN's. An AD VPN must
> >>    support L3VPN as an application protected by the IPsec
> >>    Tunnels.
> >
> > If the must was a MUST, sure.
>
> I'd happily support a MUST here. There aren't any other MUSTs outside of
> Section 4, but I don't know why.
>
> Thanks,
> Brian
>
> >
> > Lou
>
>