Vishwas and I have updated the AD VPN Problem Statement and Requirements draft to address the comments received on the previous version and remaining comments from earlier email discussions. The new version is available at
https://datatracker.ietf.org/doc/draft-ietf-ipsecme-ad-vpn-problem A summary of the changes in this version is included at the end of this message. Please review this document and provide any comments on the existing requirements or suggestions for new ones. For requirement 3, Vishwas will be starting an email thread soon so that the WG can discuss what this text means, whether we want to keep it, and how it can be made clearer. Thanks, Steve ------------ Summary of Changes in draft-ietf-ipsecme-ad-vpn-00.txt * Changed draft name from p2p-vpn to ad-vpn. * Added a paragraph for each requirement, explaining how that requirement is driven by the use cases. * In requirement 1, defined what we mean by minimizing configuration changes. * In requirement 2, explained that this requirement implies that SPD entries and other configuration based on peer IP address will need to be automatically updated when the peer's IP address changes. * Split requirement 4 into two requirements (now 4 and 5). * In requirement 6 (formerly 5), explained what we mean by "easy handoff of sessions": avoid TCP session breakage and packet loss, when possible. * In requirement 8 (formerly 7), acknowledged the difficulty of handling cases where gateways are behind NATs or where two endpoints are both behind separate NATs. In those cases, we may need to use workarounds such as port forwarding by the NATs or falling back to a hub and spoke architecture. * Added new requirement 9 around manageability. * Added new requirement 10 around cross-organization use. * Added new requirement 11 saying that administrators should be able to limit topologies for security and other reasons. * Fixed typos and other minor wording issues. _______________________________________________ IPsec mailing list [email protected] https://www.ietf.org/mailman/listinfo/ipsec
