Re: Fwd: Re: Son of IKE: A proposal for moving forward



On Thu, 13 Jun 2002, Bill Sommerfeld wrote:
> > You're making unwarranted assumptions about what a VPN is.  It's perfectly
> > possible to have a VPN in which the "wires" are private but the addresses
> > are not.  
> 
> you're also making unwarranted assumptions...
> where did I say "private addresses"?

Then I guess I don't follow.  You're going to have to explain why you
think there are "certain obvious scaling problems" and why "direct use of
transport mode is likely to be easier to manage, require fewer addresses,
and be simpler with large numbers of hosts".

I don't see any scaling problems, obvious or otherwise, that are not
shared by both approaches.  I don't see any significant difference in
complexity or ease of management.  And I see no reason why there would be
any difference in the number of addresses required.

(Note that when I said "private addresses", I meant "addresses not
accessible on the public network", not "addresses from the RFC 1918
blocks".  A host needs one address to be accessible by network at all.
There is no reason why it can't use that address on both the public
network and the private network.  No extras are necessary.)

                                                          Henry Spencer
                                                       henry@spsystems.net