[IPsec] Please Review Changes to AD VPN Problem Statement

Stephen Hanna <shanna@juniper.net> Tue, 09 April 2013 03:00 UTC

Return-Path: <shanna@juniper.net>
X-Original-To: ipsec@ietfa.amsl.com
Delivered-To: ipsec@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9EBA921F8E96 for <ipsec@ietfa.amsl.com>; Mon, 8 Apr 2013 20:00:51 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -103.467
X-Spam-Level:
X-Spam-Status: No, score=-103.467 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4, UNRESOLVED_TEMPLATE=3.132, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Q9ZRN2t2+65j for <ipsec@ietfa.amsl.com>; Mon, 8 Apr 2013 20:00:51 -0700 (PDT)
Received: from exprod7og114.obsmtp.com (exprod7og114.obsmtp.com [64.18.2.215]) by ietfa.amsl.com (Postfix) with ESMTP id 0F63921F8DA4 for <ipsec@ietf.org>; Mon, 8 Apr 2013 20:00:51 -0700 (PDT)
Received: from P-EMHUB01-HQ.jnpr.net ([66.129.224.36]) (using TLSv1) by exprod7ob114.postini.com ([64.18.6.12]) with SMTP ID DSNKUWOEYu1uX7VsidKxFQcG0+9DbeJlRbM/@postini.com; Mon, 08 Apr 2013 20:00:51 PDT
Received: from P-CLDFE02-HQ.jnpr.net (172.24.192.60) by P-EMHUB01-HQ.jnpr.net (172.24.192.35) with Microsoft SMTP Server (TLS) id 8.3.213.0; Mon, 8 Apr 2013 20:00:31 -0700
Received: from o365mail.juniper.net (207.17.137.149) by o365mail.juniper.net (172.24.192.60) with Microsoft SMTP Server id 14.1.355.2; Mon, 8 Apr 2013 20:00:30 -0700
Received: from co1outboundpool.messaging.microsoft.com (216.32.180.184) by o365mail.juniper.net (207.17.137.149) with Microsoft SMTP Server (TLS) id 14.1.355.2; Mon, 8 Apr 2013 20:03:03 -0700
Received: from mail97-co1-R.bigfish.com (10.243.78.254) by CO1EHSOBE040.bigfish.com (10.243.66.105) with Microsoft SMTP Server id 14.1.225.23; Tue, 9 Apr 2013 03:00:29 +0000
Received: from mail97-co1 (localhost [127.0.0.1]) by mail97-co1-R.bigfish.com (Postfix) with ESMTP id C19C24800C8 for <ipsec@ietf.org.FOPE.CONNECTOR.OVERRIDE>; Tue, 9 Apr 2013 03:00:29 +0000 (UTC)
X-Forefront-Antispam-Report: CIP:157.56.234.117; KIP:(null); UIP:(null); (null); H:SN2PRD0510HT001.namprd05.prod.outlook.com; R:internal; EFV:INT
X-SpamScore: -25
X-BigFish: PS-25(zz9371I936eI542I1432I4015Izz1f42h1fc6h1ee6h1de0h1fdah1202h1e76h1d1ah1d2ahzz1033IL17326ah8275dhz2dh2a8h668h839h944hd25hf0ah1220h1288h12a5h12a9h12bdh137ah13b6h1441h1504h1537h153bh15d0h162dh1631h1758h18e1h1946h19b5h19ceh1ad9h1b0ah1155h)
Received: from mail97-co1 (localhost.localdomain [127.0.0.1]) by mail97-co1 (MessageSwitch) id 1365476427346847_16280; Tue, 9 Apr 2013 03:00:27 +0000 (UTC)
Received: from CO1EHSMHS016.bigfish.com (unknown [10.243.78.252]) by mail97-co1.bigfish.com (Postfix) with ESMTP id 4934C580049 for <ipsec@ietf.org>; Tue, 9 Apr 2013 03:00:27 +0000 (UTC)
Received: from SN2PRD0510HT001.namprd05.prod.outlook.com (157.56.234.117) by CO1EHSMHS016.bigfish.com (10.243.66.26) with Microsoft SMTP Server (TLS) id 14.1.225.23; Tue, 9 Apr 2013 03:00:25 +0000
Received: from SN2PRD0510MB372.namprd05.prod.outlook.com ([169.254.9.67]) by SN2PRD0510HT001.namprd05.prod.outlook.com ([10.255.116.36]) with mapi id 14.16.0287.008; Tue, 9 Apr 2013 03:00:24 +0000
From: Stephen Hanna <shanna@juniper.net>
To: "ipsec@ietf.org" <ipsec@ietf.org>
Thread-Topic: Please Review Changes to AD VPN Problem Statement
Thread-Index: AQHONM5h3QJpx/aEQU6tLeXKyVrNLQ==
Date: Tue, 9 Apr 2013 03:00:23 +0000
Message-ID: <F1DFC16DCAA7D3468651A5A776D5796E1A91DA6C@SN2PRD0510MB372.namprd05.prod.outlook.com>
References: <20130409025346.7391.95143.idtracker@ietfa.amsl.com>
In-Reply-To: <20130409025346.7391.95143.idtracker@ietfa.amsl.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [66.129.232.2]
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-FOPE-CONNECTOR: Id%0$Dn%*$RO%0$TLS%0$FQDN%$TlsDn%
X-FOPE-CONNECTOR: Id%12219$Dn%IETF.ORG$RO%2$TLS%5$FQDN%onpremiseedge-1018244.customer.frontbridge.com$TlsDn%o365mail.juniper.net
Subject: [IPsec] Please Review Changes to AD VPN Problem Statement
X-BeenThere: ipsec@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Discussion of IPsec protocols <ipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipsec>, <mailto:ipsec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ipsec>
List-Post: <mailto:ipsec@ietf.org>
List-Help: <mailto:ipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipsec>, <mailto:ipsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 09 Apr 2013 03:00:51 -0000

I have posted a new version of the AD VPN Problem
Statement that adds clarifying text to requirements
6 and 7, as suggested by Tero. Please review and
comment. Is everyone (especially Tero) OK with the
new text?

The new draft is available at

https://datatracker.ietf.org/doc/draft-ietf-ipsecme-ad-vpn-problem

Since the changes are few, it may be easier for you
to look at the diff linked to here:

http://www.ietf.org/rfcdiff?url2=draft-ietf-ipsecme-ad-vpn-problem-05

Thanks,

Steve

> -----Original Message-----
> From: ipsec-bounces@ietf.org [mailto:ipsec-bounces@ietf.org] On Behalf
> Of internet-drafts@ietf.org
> Sent: Monday, April 08, 2013 10:54 PM
> To: i-d-announce@ietf.org
> Cc: ipsec@ietf.org
> Subject: [IPsec] I-D Action: draft-ietf-ipsecme-ad-vpn-problem-05.txt
> 
> 
> A New Internet-Draft is available from the on-line Internet-Drafts
> directories.
>  This draft is a work item of the IP Security Maintenance and
> Extensions Working Group of the IETF.
> 
> 	Title           : Auto Discovery VPN Problem Statement and
> Requirements
> 	Author(s)       : Steve Hanna
>                           Vishwas Manral
> 	Filename        : draft-ietf-ipsecme-ad-vpn-problem-05.txt
> 	Pages           : 11
> 	Date            : 2013-04-08
> 
> Abstract:
>    This document describes the problem of enabling a large number of
>    systems to communicate directly using IPsec to protect the traffic
>    between them.  It then expands on the requirements, for such a
>    solution.
> 
>    Manual configuration of all possible tunnels is too cumbersome in
>    many such cases.  In other cases the IP address of endpoints change
>    or the endpoints may be behind NAT gateways, making static
>    configuration impossible.  The Auto Discovery VPN solution will
>    address these requirements.
> 
> 
> The IETF datatracker status page for this draft is:
> https://datatracker.ietf.org/doc/draft-ietf-ipsecme-ad-vpn-problem
> 
> There's also a htmlized version available at:
> http://tools.ietf.org/html/draft-ietf-ipsecme-ad-vpn-problem-05
> 
> A diff from the previous version is available at:
> http://www.ietf.org/rfcdiff?url2=draft-ietf-ipsecme-ad-vpn-problem-05
> 
> 
> Internet-Drafts are also available by anonymous FTP at:
> ftp://ftp.ietf.org/internet-drafts/
> 
> _______________________________________________
> IPsec mailing list
> IPsec@ietf.org
> https://www.ietf.org/mailman/listinfo/ipsec