On Oct 3, 2013, at 4:57 PM, Michael Richardson <[email protected]> wrote:

> I also read: draft-mao-ipsecme-ad-vpn-protocol and while conceptually I found
> it okay, I think that the protocol should be inside IKE.

Funny, I came to the opposite conclusion. I think it's too much like IKE.

But actually, this should be split in two. ADC to ADC communications, like the REDIRECT and SESSION, could easily run over an Informational exchange in IKE. But the ADC to ADS communications are, to quote section 1.1, "a client and server protocol". And there is no reason to assume that the ADS can even do IKE - it's a controller. So I think those parts of the protocol could be done in a web service.

But, why am I designing someone else's proposal?

_______________________________________________
IPsec mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/ipsec
