Document authors: when might we have the update so Sean can move this forwards? We are gated on this before we solicit AD-VPN protocols.

--Paul Hoffman

On Apr 30, 2013, at 7:52 AM, Sean Turner <[email protected]> wrote:

> Please incorporate the QoS issue brought up by Toby. I'd like to make sure
> we have everything in the draft that the WG wants before issuing the WGLC. I
> also think the TSV/RTG directorates/ADs will be interested in that.
>
> Can you explain the rationale for the following changes to requirement
> #5; I'm just not following it:
>
> OLD:
>
> 5. One ADVPN peer MUST NOT be able to impersonate another ADVPN peer.
>
> NEW:
>
> 5. Any of the ADVPN Peers MUST NOT have a way to get the long term
> authentication credentials for any other ADVPN Peers. The compromise of an
> Endpoint MUST NOT affect the security of communications between other ADVPN
> Peers. The compromise of a Gateway SHOULD NOT affect the security of the
> communications between ADVPN Peers not associated with that Gateway.
>
> Is the first sentence still saying basically: "peers can't impersonate peers"?
>
> Nits:
>
> - sec 1.1: Need to add what an ADVPN is and expand the acronym
>
> - sec 4/1.1: The terms allied and federated environment kind of come out of
> nowhere. Please add them to s1.1. I just want to make sure it's clear what the
> difference is between the two.

_______________________________________________
IPsec mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/ipsec
