Hi Sean, My comments are inline:
Please incorporate the QoS issue brought up by Toby. I'd like to make sure we have everything in the draft that the WG wants before issuing the WGLC. I also think the TSV/RTG directorates/ADs will be interested in that. VM> I can incorporate it if the Working Group thinks the QoS parts should be part of the aDVPN solution. Can you explain the rationale for the following the changes to requirement #5; I'm just not following it: OLD: 5. One ADVPN peer MUST NOT be able to impersonate another ADVPN peer. NEW: 5. Any of the ADVPN Peers MUST NOT have a way to get the long term authentication credentials for any other ADVPN Peers. The compromise of an Endpoint MUST NOT affect the security of communications between other ADVPN Peers. The compromise of a Gateway SHOULD NOT affect the security of the communications between ADVPN Peers not associated with that Gateway. Is the first sentence still saying basically: "peers can't impersonate peers"? VM> Yes thats the idea in my view. Steve Hanna may have more omments on this. Steve? Nits: - sec 1.1: Need to add what an ADVPN is and expand the acronym VM> Should something like the below suffice: VM> ADVPN - Auto Discovery Virtual Private Network (ADVPN) is VPN solution that enables a large number of systems to communicate directly, with minimal configuration and operator intervention using IPsec to protect communication between them. - sec 4/1.1: The terms allied and federated environment kind of come out of nowhere. Please add them to s1.1. I just to make sure it's clear what the difference is between the two. VM> Here is what I will add to 1.1. VM> Allied and Federated Environments - Environments where we have multiple different organizations that have close association and need to connect to each other.
_______________________________________________ IPsec mailing list [email protected] https://www.ietf.org/mailman/listinfo/ipsec
