Tero, I agree with you that requirement 5 as currently worded is too strict. We don't want to end up with a situation where no ADVPN peers can participate in the establishment of the ADVPN! On the other hand, we want to limit the effects of the compromise of an endpoint because endpoint compromise (not gateway compromise) is a common occurrence. A compromised endpoint shouldn't be able to impersonate other peers.
You proposed this text:

> Any of the ADVPN peers MUST NOT have a way to get the long
> term authentication credentials for any other ADVPN peers.

I think that's correct. But I also think we want to say:

> The compromise of an Endpoint MUST NOT affect the security
> of communications between other Peers.

Are you OK with replacing the current text for requirement 5 with those two sentences? I think that will preserve the essence of the requirement without making it too strict.

Thanks,
Steve