On Dec 8, 2011, at 6:04 PM, Paul Hoffman wrote:

> 
> On Dec 8, 2011, at 1:55 AM, Yoav Nir wrote:
> 
>> In an environment with many IPsec gateways and remote clients that share an 
>> established trust infrastructure (in a single administrative domain or 
>> across multiple domains), customers want to get on-demand mesh IPsec 
>> capability for efficiency. However, this cannot be feasibly accomplished 
>> only with today's IPsec and IKE due to problems with address lookup, 
>> reachability, policy configuration, etc.
> 
> I don't think "mesh" is a well-defined term here. How about "point-to-point"?

Point to point sounds to me too much like the old host-to-host IPsec idea that 
never quite took off. I know this is part of Chris's use case, but I don't 
think that's our main focus. I can live with either point-to-point or mesh, but 
either way we'll have to define it in the first deliverable.

> 
>> The IPsecME working group will handle this large scale VPN problem by 
>> delivering the following:
>> 
>> * The working group will create a problem statement document including use 
>> cases, definitions and proper requirements for discovery and updates. This 
>> document would be solution-agnostic. Should reach WG last call around 
>> October 2012.
>> 
>> * The working group will review and help publish Informational documents 
>> describing current vendor proprietary solutions. These should be ready for 
>> IETF last call by August 2012.
>> 
>> * The working group will choose a common solution for the discovery and 
>> update problems that will satisfy the requirements in the problem statement 
>> document. The working group may consider multiple proposals, and then choose 
>> one to bring to the standards track.
> 
> We would need a deadline for the last item. I suggest "December 2013".

Works for me. I was hesitant to suggest a date.
_______________________________________________
IPsec mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/ipsec