Praveen Sathyanarayan writes:
> This works if there is only one Hub in the network. Scenario where
> multiple hubs in hierarchy or multiple Hubs that don't have
> hierarchical relation, this will not work.

I see no problems even if there are multiple hubs. There are lots of different ways to do things, and we do not need to go to solution space yet (one trust anchor per hub, sub-ca per hub, shared trust anchor between the hubs etc). On the other hand, all of the solutions need to take into account the fact that there are multiple hubs. It all also depends on what kind of trust relationship the hubs have etc.

With certificates there is a way to set up the system so that hubs do not need real time policy communications between them. With shared keys the hubs need to have real time policy communication, as the temporary shared key generated by one hub needs to be distributed to other hubs needing it.
-- 
[email protected]
