Re: Son of IKE: A proposal for moving forward
On Thursday 13 June 2002 09:14, Stuart Jacobs wrote:
> If this group restricts their focus primarily on the VPN scenarios
> below then they are ignoring a major role that IPsec is expected to
> fill by large enterprises.
Stu, the point is not to LIMIT the protocol to VPN scenarios! The
point is that VPN scenarios MUST BE INCLUDED/SUPPORTED,
mentioned because (as I understood) some argued that it's unnecessary.
As I understood Michael, he doesn't want the overhead involved
with VPN functionality support. But in my view (and in view of some
other WG members) - cutting it out will reduce the protocol to unusable.
> We are relying on this WG to include in its scope mechanisms that
> allow two network elements, regardless of their functions within a
> network, to be able to use IKE and ISAKMP, with PKI based X.509
> certs, to establish one or more SAs that these two elements can then
> use to continuously authenticate, and optionally encrypt for
> confidentiality, UDP, TCP or SCTP transport layer communication
> sessions. This fundamental capability is critical for our use of IP
> technology for the transport of SS7 traffic, VoIP application
> signalling, (G)MPLS control plane signalling and OAM&P traffic.
I personally would expect this scenario to be fully supported. I'm not
quite sure why you need ISAKMP here, but other than that - ...
--
Regards,
Uri-David
-=-=-<>-=-=-
<Disclaimer>