Please incorporate the QoS issue brought up by Toby. I'd like to make sure we have everything in the draft that the WG wants before issuing the WGLC. I also think the TSV/RTG directorates/ADs will be interested in that.

Can you explain the rationale for the following changes to requirement #5; I'm just not following it:

OLD:

5. One ADVPN peer MUST NOT be able to impersonate another ADVPN peer.

NEW:

5. Any of the ADVPN Peers MUST NOT have a way to get the long term authentication credentials for any other ADVPN Peers. The compromise of an Endpoint MUST NOT affect the security of communications between other ADVPN Peers. The compromise of a Gateway SHOULD NOT affect the security of the communications between ADVPN Peers not associated with that Gateway.

Is the first sentence still saying basically: "peers can't impersonate peers"?

Nits:

- sec 1.1: Need to add what an ADVPN is and expand the acronym

- sec 4/1.1: The terms allied and federated environment kind of come out of nowhere. Please add them to s1.1. I just want to make sure it's clear what the difference is between the two.
_______________________________________________
IPsec mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/ipsec