On 11/28/11 5:21 PM, Michael Ko wrote:
[mk] A "user" is a network node that wants to connect with a peer node, preferably in a direct end-to-end connection. (If you can suggest a better term than "user" that will cause less confusion, I will use it instead.) A "user" may not be "authorized" to connect with all peer nodes in the domain.
I still find this very unclear. If a user "has" an IP address, how is the user identified, and how does the network know who it is? That is to say, there's apparently some sort of identity process/authentication going on here prior to an IKE exchange, and I cannot tell from your requirements (and frankly I find them too vague to be called requirements, really) what that identity is, who's participating, how it's transacted, or what sort of token/credential/whatever represents that identity, let alone how it's actually going to be used as the basis for authorizations. Then, there's the whole question of how you're going to authorize this stuff. I don't think you've got anything in here that's specific enough to be charterable.

Melinda

_______________________________________________
IPsec mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/ipsec
