[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Son of IKE: A proposal for moving forward



On Thursday 13 June 2002 09:14, Stuart Jacobs wrote:
> If this group restricts their focus primarily on the VPN scenarios
> below then they are ignoring a major role that IPsec is expected to
> fill by large enterprises.

Stu, the point is not to LIMIT the protocol to VPN scenarios! The
point is that VPN scenarios MUST BE INCLUDED/SUPPORTED, 
mentioned because (as I understood) some argued that it's unnecessary.

As I understood Michael, he doesn't want the overhead involved
with VPN functionality support. But in my view (and in view of some 
other WG members) - cutting it out will reduce the protocol to unusable.

> We are relying on this WG to include in it's scope mechanisms that
> allow two network elements, regardless of their functions within a
> network, to be able to use IKE and ISAKMP, with PKI based X.509
> certs, to establish one or more SAs that these two elements can then
> use to continuously authenticate, and optionally encrypt for
> confidentiality, UDP, TCP or SCTP transport layer communication
> sessions.  This fundmental capability is critical for our use of IP
> technology for the transport of SS7 traffic, VoIP application
> signalling, (G)MPLS control plane signalling and OAM&P traffic.

I personally would expect this scenario to be fully supported. I'm not 
quite sure why you need ISAKMP here, but other than that - ...
-- 
Regards,
Uri-David
-=-=-<>-=-=-
<Disclaimer>