On 19.9.2014, at 11.18, Mark Townsley <[email protected]> wrote:
> My own experience attempting to use IPsec as an add-on security solution
> (a.k.a. "pixie dust") for a protocol isn't all that positive. We tried that
> with L2TP, and in the process failed to kill off PPTP on Windows clients. I
> can't tell you how many times over the years I've had to point people to the
> Windows Registry setting to disable IPsec with L2TP. OSPFv3 is another one
> where I get complaints about requiring IPsec. So, I agree with Ted; we should
> be wary of falling into the trap of using IPsec just because it is there.

So DTLS it is? Because I do not want to reinvent any crypto wheels I do not have to.

From a solution point of view, the only real difference is that the DTLS solution
cannot be used to secure other protocols between the routers (just with
configuration), but I am sure we can stick in some pixie dust PSK TLVs to keep
the other protocols' (bad) security solutions (mostly) functioning.

Cheers,

-Markus
