On Fri, Jan 10, 2014 at 9:21 AM, Stephen Farrell <[email protected]> wrote: > > Hiya, > ><snip> >> Otherwise this seems reasonable: it might be worth considering if this >> can be extended to >> authenticate both sides cleanly if some large networks want to be safe >> against that. > > Not sure what you mean by cleanly?
By cleanly I mean if authentication is configured, it works, if not, we wind up with OE without too much in the way of complexity. This might be a bridge too far, but I wouldn't be surprised if some people were concerned about false termination in the middle of their MLPS networks induced by malicious configuration. > > Thanks for the comments, > S. > -- "Those who would give up Essential Liberty to purchase a little Temporary Safety deserve neither Liberty nor Safety." -- Benjamin Franklin _______________________________________________ perpass mailing list [email protected] https://www.ietf.org/mailman/listinfo/perpass
