On 18/07/17 17:14, Yoav Nir wrote:
I mostly agree, but one point…
On 18 Jul 2017, at 17:06, Tero Kivinen <kivi...@iki.fi> wrote:
<snip/>
This I think is important question, i.e., what is the gain for not
running IKEv2 between the nodes?
Simpler gateway, less code, no PK operations, no need for random number
generator.
The counter-argument is that without all these you can’t setup a TLS session to
run netconf over.
Yoav
No random number generator? I don't think this is true even for a pure
ESP endpoint.
Thanks,
Yaron
_______________________________________________
IPsec mailing list
IPsec@ietf.org
https://www.ietf.org/mailman/listinfo/ipsec
