Interesting. I always considered the requirement of a trust relationship of some kind an inherent part of "VPN" (of any kind, SSL, IPsec or otherwise), and assumed most people did.
In no part is trust suggested or otherwise in the Latin "ad hoc", so it is technically an incorrect expectation. But if the group feels that somehow the simplest correct term is too confusing we can try for something else. :-)

--
Mark Boltz, CISSP, CISA, NSA-IEM, CSGI
Director, Federal and Mid-Atlantic
e: [email protected]
p: 866.869.4075
c: 571.246.2233
o: 202.434.8963
f: 703.997.4759
w: http://www.stonesoft.com
1200 G St. NW, Suite 800
Washington, DC 20005-6705
Stonesoft: Network Security. Simplified.

On Mar 19, 2012, at 2:32 PM, Stephen Hanna wrote:

I’m concerned that people expect “ad hoc VPN” to include VPN connections between endpoints with no prior trust relationship.

Thanks,
Steve

From: [email protected] [mailto:[email protected]] On Behalf Of Mark Boltz
Sent: Monday, March 19, 2012 2:12 PM
To: IPsecme WG
Subject: Re: [IPsec] P2P VPN draft

UNCLASSIFIED

I agree that the meshing becomes messy. And thus, Yoav's comment on partial mesh and such is valid.

Since the topology is, in my view, based on the use cases and the problem statement as I have understood them, a somewhat nebulous thing, I would offer up a very simple term for the goal:

ad hoc VPN

As that would thus mean a VPN that is "formed, arranged, or done for a particular purpose only".

I will endeavor to have more commentary on the draft later this evening.

--
Mark Boltz, CISSP, CISA, NSA-IEM, CSGI

On Mar 19, 2012, at 10:36 AM, Michael Richardson wrote:

"Yoav" == Yoav Nir <[email protected]> writes:

Yoav> As Tero pointed out, some of the use cases don't end up in a
Yoav> full mesh, because sometimes administrators really want a
Yoav> trunk, so the end result could be a mesh among nodes in the
Yoav> same organization, and a trunk to another. Maybe even a
Yoav> partial mesh (with "secondary nodes" behind particularly bad
Yoav> NAT devices connecting to one of many "primary nodes")

I agree.

Yoav> So perhaps the name should not include the word "mesh". How
Yoav> about "dynamic discovery VPN" (DD-VPN)?

I offer: On-Demand Dynamic VPN = ODD-VPN.

--
] He who is tired of Weird Al is tired of life! | firewalls [
] Michael Richardson, Sandelman Software Works, Ottawa, ON |net architect[
] [email protected] http://www.sandelman.ottawa.on.ca/ |device driver[
Kyoto Plus: watch the video <http://www.youtube.com/watch?v=kzx1ycLXQSE>
then sign the petition.

_______________________________________________
IPsec mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/ipsec
