Re: [IPsec] WG Adoption call for draft-btw-add-ipsecme-ike

Michael Richardson <mcr+ietf@sandelman.ca> Wed, 10 November 2021 23:00 UTC

From: Michael Richardson <mcr+ietf@sandelman.ca>
To: ipsec@ietf.org
In-reply-to: <24969.12660.103330.619294@fireball.acr.fi>
References: <24969.12660.103330.619294@fireball.acr.fi>
Comments: In-reply-to Tero Kivinen <kivinen@iki.fi> message dated "Mon, 08 Nov 2021 16:17:24 +0200."
Date: Wed, 10 Nov 2021 18:00:35 -0500
Message-ID: <404483.1636585235@dooku>
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipsec/GRiTSH6mAy7Ivv1-VDGj5ay4dwY>
Subject: Re: [IPsec] WG Adoption call for draft-btw-add-ipsecme-ike

    > This is the start of 2 week WG adoption call for this document, ending
    > 2021-11-22. Please send your reply about whether you support adopting
    > this document as WG document or not.

I have browsed through the document.

I don't know if the mechanism is correct or not.
I think that Paul Wouters' email seems correct to me.

I think that there is an interaction with provisioning domains (PvD) which is
not spelled out.  
The remote access "VPN" is usually a provisioning domain these days.

In general, I don't think that split-DNS is a good thing.
I don't think that sending all traffic through the VPN is a good thing.
Almost everyone that I know, that has any kind of VPN, has more than one
potentially active at the same time. (But my friends are mostly consultants
like me.)

So I object to the entire notion that we need to do anything at all: there
are way better solutions than split-dns, and I think we should stop pandering
to enterprises that live in the dark-ages of 1992 IPv4.  Do any of them
actually pay to upgrade/replace their VPN gateway boxes such that they'd actually get
this new code?   Are the split-dns or die enthusiasts running IKEv1 w/3DES+MD5?

Having said this, I do not object to the WG doing this work, but I won't be
taking time to review it.

-- 
Michael Richardson <mcr+IETF@sandelman.ca>, Sandelman Software Works
 -= IPv6 IoT consulting =-