On Dec 8, 2011, at 1:55 AM, Yoav Nir wrote: > In an environment with many IPsec gateways and remote clients that share an > established trust infrastructure (in a single administrative domain or across > multiple domains), customers want to get on-demand mesh IPsec capability for > efficiency. However, this cannot be feasibly accomplished only with today's > IPsec and IKE due to problems with address lookup, reachability, policy > configuration, etc.
I don't think "mesh" is a well-defined term here. How about "point-to-point"? > The IPsecME working group will handle this large scale VPN problem by > delivering the following: > > * The working group will create a problem statement document including use > cases, definitions and proper requirements for discovery and updates. This > document would be solution-agnostic. Should reach WG last call around October > 2012. > > * The working group will review and help publish Informational documents > describing current vendor proprietary solutions. These should be ready for > IETF last call by August 2012. > > * The working group will choose a common solution for the discovery and > update problems that will satisfy the requirements in the problem statement > document. The working group may consider multiple proposals, and then choose > one to bring to the standards track. We would need a deadline for the last item. I suggest "December 2013". --Paul Hoffman _______________________________________________ IPsec mailing list [email protected] https://www.ietf.org/mailman/listinfo/ipsec
