Re: [IPsec] Comments on proposed draft-ietf-ipsecme-ad-vpn-problem-02
Lou Berger <lberger@labn.net> Mon, 17 December 2012 19:13 UTC
Return-Path: <lberger@labn.net>
X-Original-To: ipsec@ietfa.amsl.com
Delivered-To: ipsec@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6648721F873F for <ipsec@ietfa.amsl.com>; Mon, 17 Dec 2012 11:13:10 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -101.592
X-Spam-Level:
X-Spam-Status: No, score=-101.592 tagged_above=-999 required=5 tests=[AWL=-0.193, BAYES_00=-2.599, J_CHICKENPOX_13=0.6, J_CHICKENPOX_14=0.6, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id vLx-pab0RFcf for <ipsec@ietfa.amsl.com>; Mon, 17 Dec 2012 11:13:09 -0800 (PST)
Received: from oproxy11-pub.bluehost.com (oproxy11-pub.bluehost.com [173.254.64.10]) by ietfa.amsl.com (Postfix) with SMTP id A66C421F8632 for <ipsec@ietf.org>; Mon, 17 Dec 2012 11:13:09 -0800 (PST)
Received: (qmail 15377 invoked by uid 0); 17 Dec 2012 19:12:47 -0000
Received: from unknown (HELO box313.bluehost.com) (69.89.31.113) by oproxy11.bluehost.com with SMTP; 17 Dec 2012 19:12:47 -0000
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=labn.net; s=default; h=Content-Transfer-Encoding:Content-Type:In-Reply-To:References:Subject:CC:To:MIME-Version:From:Date:Message-ID; bh=XoUa9BFbx9lRZF+tU85epGXiiQy6yfuNO7MRJa3Wcio=; b=N9PvcjwDGgDx2GjlOpZspmZKkI2D1QOO++lrRfuy67cxZPsrT9HKsTuZPjA0gMzKXk3NytHLU4wUcOqZ32Rcfs2J6Epkho5gAbTsJzI/dRHUrWbeiQdqTPeV7Ja2vmMu;
Received: from box313.bluehost.com ([69.89.31.113]:55622 helo=[127.0.0.1]) by box313.bluehost.com with esmtpa (Exim 4.76) (envelope-from <lberger@labn.net>) id 1Tkg7K-000146-NE; Mon, 17 Dec 2012 12:12:46 -0700
Message-ID: <50CF6EAD.9050005@labn.net>
Date: Mon, 17 Dec 2012 14:12:45 -0500
From: Lou Berger <lberger@labn.net>
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:17.0) Gecko/17.0 Thunderbird/17.0
MIME-Version: 1.0
To: Brian Weis <bew@cisco.com>, "vishwas.manral@hp.com" <vishwas.manral@hp.com>
References: <0B592A71-6BE1-4988-8BA7-2F3CD61AD03A@cisco.com> <CAOyVPHRk49O0eX3KzCGB6usDW=aQhpe3=cPsQfSQM=sZQOE4Rg@mail.gmail.com> <154376FC-F5D4-472F-B321-5B2ED0C5CA2C@cisco.com> <50CB6CA4.3020806@labn.net> <9D8C5AA9-B072-445C-813E-FA187ED75BCE@cisco.com> <50CE010E.4000709@labn.net> <F1923125-B429-4EC6-8135-D80B070A3D0F@cisco.com>
In-Reply-To: <F1923125-B429-4EC6-8135-D80B070A3D0F@cisco.com>
X-Enigmail-Version: 1.4.6
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: 7bit
X-Identified-User: {1038:box313.bluehost.com:labnmobi:labn.net} {sentby:smtp auth 69.89.31.113 authed with lberger@labn.net}
Cc: ipsec@ietf.org, Stephen Hanna <shanna@juniper.net>
Subject: Re: [IPsec] Comments on proposed draft-ietf-ipsecme-ad-vpn-problem-02
X-BeenThere: ipsec@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Discussion of IPsec protocols <ipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipsec>, <mailto:ipsec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ipsec>
List-Post: <mailto:ipsec@ietf.org>
List-Help: <mailto:ipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipsec>, <mailto:ipsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 17 Dec 2012 19:13:10 -0000
excellent. Thank you both for resolving my comments so rapidly! Lou On 12/17/2012 1:43 PM, Brian Weis wrote: > > On Dec 16, 2012, at 9:12 AM, Lou Berger <lberger@labn.net> wrote: > >> Brian, >> Just want to confirm that Vishwas solution closes this issue. Agreed? > > Agreed! > > Thanks, > Brian > >> >> Thanks, >> Lou >> >> On 12/14/2012 4:56 PM, Brian Weis wrote: >>> Hi Lou, >>> >>> On Dec 14, 2012, at 10:15 AM, Lou Berger <lberger@labn.net> wrote: >>> >>>> Brian, >>>> Opps, should have replied to this message (and not the prior). >>>> >>>> My previous mail basically said the new requirement is placed on the >>>> ADVPN solution, not a particular implementation. I think it's important >>>> to ensure that the overall solution provides for Requirement 14, and I'm >>>> not sure how this can be done without a requirement. >>> >>> If I understand correctly, these requirements are intending to be relevant to "ADVPN solutions" that don't include network infrastructure. It doesn't make sense to me to make a "ADVPN solution" implemented on PCs and comprised exclusively of PCs subject to this as a general requirement. >>> >>> All other MUST requirements in Section 4 seem to apply equally to all use cases. >>> >>>> >>>> See below for additional specific responses. >>> >>> [snip] >>> >>>>> Lou, would something like the following text in Section 2.2 be a >>>>> satisfactory replacement for Requirement 14? >>>>> >>>>> There is also the case when L3VPNs operate over IPsec Tunnels, >>>>> for example Provider Edge (PE) based VPN's. An AD VPN must >>>>> support L3VPN as an application protected by the IPsec >>>>> Tunnels. >>>> >>>> it he must was a MUST, sure. >>> >>> I'd happily support a MUST here. There aren't any other MUSTs outside of Section 4, but I don't know why. >>> >>> Thanks, >>> Brian >>> >>>> >>>> Lou >>> >>> _______________________________________________ >>> IPsec mailing list >>> IPsec@ietf.org >>> https://www.ietf.org/mailman/listinfo/ipsec >>> >>> >>> >>> > > _______________________________________________ > IPsec mailing list > IPsec@ietf.org > https://www.ietf.org/mailman/listinfo/ipsec > > > >
- [IPsec] Comments on proposed draft-ietf-ipsecme-a… Brian Weis
- Re: [IPsec] Comments on proposed draft-ietf-ipsec… Vishwas Manral
- Re: [IPsec] Comments on proposed draft-ietf-ipsec… Brian Weis
- Re: [IPsec] Comments on proposed draft-ietf-ipsec… Lou Berger
- Re: [IPsec] Comments on proposed draft-ietf-ipsec… Lou Berger
- Re: [IPsec] Comments on proposed draft-ietf-ipsec… Brian Weis
- Re: [IPsec] Comments on proposed draft-ietf-ipsec… Vishwas Manral
- Re: [IPsec] Comments on proposed draft-ietf-ipsec… Lou Berger
- Re: [IPsec] Comments on proposed draft-ietf-ipsec… Lou Berger
- Re: [IPsec] Comments on proposed draft-ietf-ipsec… Brian Weis
- Re: [IPsec] Comments on proposed draft-ietf-ipsec… Vishwas Manral
- Re: [IPsec] Comments on proposed draft-ietf-ipsec… Lou Berger