Re: [IPsec] Comments on proposed draft-ietf-ipsecme-ad-vpn-problem-02
Vishwas Manral <vishwas.ietf@gmail.com> Mon, 17 December 2012 18:52 UTC
Return-Path: <vishwas.ietf@gmail.com>
X-Original-To: ipsec@ietfa.amsl.com
Delivered-To: ipsec@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 56DEE21F8852 for <ipsec@ietfa.amsl.com>; Mon, 17 Dec 2012 10:52:16 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.748
X-Spam-Level:
X-Spam-Status: No, score=-2.748 tagged_above=-999 required=5 tests=[AWL=-0.350, BAYES_00=-2.599, HTML_MESSAGE=0.001, J_CHICKENPOX_13=0.6, J_CHICKENPOX_14=0.6, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 5qsXuXejWqTV for <ipsec@ietfa.amsl.com>; Mon, 17 Dec 2012 10:52:15 -0800 (PST)
Received: from mail-qc0-f182.google.com (mail-qc0-f182.google.com [209.85.216.182]) by ietfa.amsl.com (Postfix) with ESMTP id 736F621F8853 for <ipsec@ietf.org>; Mon, 17 Dec 2012 10:52:15 -0800 (PST)
Received: by mail-qc0-f182.google.com with SMTP id k19so4149218qcs.27 for <ipsec@ietf.org>; Mon, 17 Dec 2012 10:52:15 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=lxi84detk/8ClJPYG0uID33sLmpbS6EQl5j2cQbXHkM=; b=t7IjCVoMZP5A6FztpmOjE8lmdcPZJ9QYTiAT/59SC9bdsvmkxgzlc6ZnweLZ6QPdku +YOY8ekmovZgncXRaY0TnWHoa7PBhuaUIjEq/Sfunr9eywizhO6g8ig0FusPYewUdsvr nnRklPd1iFd1vsETQ089liUjcBTluYnLYWMH3z/hnV2hKPaRAEUMbN/HGVhWXJpu7Qtr wunSSvYkqjN7DWb9VVGHXKHquCcDqkKYca0r4IPR49zssY/1VKP72nQrH/r1l2PcPWfC g0gUUVRFZuXWtyXyk6FJK29pH533l84fSj5EBvhRRuVlAER6B80G3Us/MOZuzG7K7ejG iQ4Q==
MIME-Version: 1.0
Received: by 10.224.221.145 with SMTP id ic17mr6632552qab.34.1355770334919; Mon, 17 Dec 2012 10:52:14 -0800 (PST)
Received: by 10.229.92.77 with HTTP; Mon, 17 Dec 2012 10:52:14 -0800 (PST)
In-Reply-To: <F1923125-B429-4EC6-8135-D80B070A3D0F@cisco.com>
References: <0B592A71-6BE1-4988-8BA7-2F3CD61AD03A@cisco.com> <CAOyVPHRk49O0eX3KzCGB6usDW=aQhpe3=cPsQfSQM=sZQOE4Rg@mail.gmail.com> <154376FC-F5D4-472F-B321-5B2ED0C5CA2C@cisco.com> <50CB6CA4.3020806@labn.net> <9D8C5AA9-B072-445C-813E-FA187ED75BCE@cisco.com> <50CE010E.4000709@labn.net> <F1923125-B429-4EC6-8135-D80B070A3D0F@cisco.com>
Date: Mon, 17 Dec 2012 10:52:14 -0800
Message-ID: <CAOyVPHTY_9HsYEE--ZFzEpsQVYuDzN8zUUpQ4zSpJC5OaZPSaQ@mail.gmail.com>
From: Vishwas Manral <vishwas.ietf@gmail.com>
To: Brian Weis <bew@cisco.com>
Content-Type: multipart/alternative; boundary="20cf3074b45835badb04d110e1d4"
Cc: "vishwas.manral@hp.com" <vishwas.manral@hp.com>, ipsec@ietf.org, Stephen Hanna <shanna@juniper.net>, Lou Berger <lberger@labn.net>
Subject: Re: [IPsec] Comments on proposed draft-ietf-ipsecme-ad-vpn-problem-02
X-BeenThere: ipsec@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Discussion of IPsec protocols <ipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipsec>, <mailto:ipsec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ipsec>
List-Post: <mailto:ipsec@ietf.org>
List-Help: <mailto:ipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipsec>, <mailto:ipsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 17 Dec 2012 18:52:16 -0000
Perfect. I will send the udpated draft today. -Vishwas On Mon, Dec 17, 2012 at 10:43 AM, Brian Weis <bew@cisco.com> wrote: > > On Dec 16, 2012, at 9:12 AM, Lou Berger <lberger@labn.net> wrote: > > > Brian, > > Just want to confirm that Vishwas solution closes this issue. > Agreed? > > Agreed! > > Thanks, > Brian > > > > > Thanks, > > Lou > > > > On 12/14/2012 4:56 PM, Brian Weis wrote: > >> Hi Lou, > >> > >> On Dec 14, 2012, at 10:15 AM, Lou Berger <lberger@labn.net> wrote: > >> > >>> Brian, > >>> Opps, should have replied to this message (and not the prior). > >>> > >>> My previous mail basically said the new requirement is placed on the > >>> ADVPN solution, not a particular implementation. I think it's > important > >>> to ensure that the overall solution provides for Requirement 14, and > I'm > >>> not sure how this can be done without a requirement. > >> > >> If I understand correctly, these requirements are intending to be > relevant to "ADVPN solutions" that don't include network infrastructure. It > doesn't make sense to me to make a "ADVPN solution" implemented on PCs and > comprised exclusively of PCs subject to this as a general requirement. > >> > >> All other MUST requirements in Section 4 seem to apply equally to all > use cases. > >> > >>> > >>> See below for additional specific responses. > >> > >> [snip] > >> > >>>> Lou, would something like the following text in Section 2.2 be a > >>>> satisfactory replacement for Requirement 14? > >>>> > >>>> There is also the case when L3VPNs operate over IPsec Tunnels, > >>>> for example Provider Edge (PE) based VPN's. An AD VPN must > >>>> support L3VPN as an application protected by the IPsec > >>>> Tunnels. > >>> > >>> it he must was a MUST, sure. > >> > >> I'd happily support a MUST here. There aren't any other MUSTs outside > of Section 4, but I don't know why. > >> > >> Thanks, > >> Brian > >> > >>> > >>> Lou > >> > >> _______________________________________________ > >> IPsec mailing list > >> IPsec@ietf.org > >> https://www.ietf.org/mailman/listinfo/ipsec > >> > >> > >> > >> > > _______________________________________________ > IPsec mailing list > IPsec@ietf.org > https://www.ietf.org/mailman/listinfo/ipsec >
- [IPsec] Comments on proposed draft-ietf-ipsecme-a… Brian Weis
- Re: [IPsec] Comments on proposed draft-ietf-ipsec… Vishwas Manral
- Re: [IPsec] Comments on proposed draft-ietf-ipsec… Brian Weis
- Re: [IPsec] Comments on proposed draft-ietf-ipsec… Lou Berger
- Re: [IPsec] Comments on proposed draft-ietf-ipsec… Lou Berger
- Re: [IPsec] Comments on proposed draft-ietf-ipsec… Brian Weis
- Re: [IPsec] Comments on proposed draft-ietf-ipsec… Vishwas Manral
- Re: [IPsec] Comments on proposed draft-ietf-ipsec… Lou Berger
- Re: [IPsec] Comments on proposed draft-ietf-ipsec… Lou Berger
- Re: [IPsec] Comments on proposed draft-ietf-ipsec… Brian Weis
- Re: [IPsec] Comments on proposed draft-ietf-ipsec… Vishwas Manral
- Re: [IPsec] Comments on proposed draft-ietf-ipsec… Lou Berger