Hi Acee, I agree to what you say and the general sense of the room in the KMART BOF. That is the reason I proposed a BTNS based solution. Which uses GTSM in the IKe to do the first level security.
Also as IGP run within an administrative domain we can actually do without third party verification. Hi Dave, Thanks for your help and shepherding as always. The issue about adopting the draft was raised in the OPSEC WG by the chair Joel, however we only had a handful of mails saying the draft was within the scope (though none were opposed to it). Thanks, Vishwas On 9/30/08, Acee Lindem <[EMAIL PROTECTED]> wrote: > One thing to take into consideration is that the outcome of our KMART > BOF was that nobody deploying networks wanted routing infra-structure > based on a third-part verified certificates. > Thanks, > Acee > On Sep 30, 2008, at 10:57 AM, David Ward wrote: > >> Directions are to send your draft to opsec WG. To get it on their >> charter, you have to request the doc to become a WG item and then >> discussion will follow >> >> -DWard >> >> On Sep 29, 2008, at 8:53 PM, Vishwas Manral wrote: >> >>> Hi Sandy, >>> >>> Thanks for refering to my draft in your mail. The same was presented >>> by Dave (Ward) in the last IETF. Regarding the state of the draft, >>> because the RPSEC is closing down, we have been trying to find a home >>> for the draft. >>> >>> We can also solve the problem similarly by something like >>> BTNS(ofcourse Multicast part needs to be thought further) which does >>> not necessarily require any certificate verification - so we may have >>> unauthenticated IKE SA's but then all keys for the CHILD_SA from >>> there >>> are automatically generated. >>> >>> Thanks, >>> Vishwas >>> >>> >> _______________________________________________ >> OSPF mailing list >> [EMAIL PROTECTED] >> https://www.ietf.org/mailman/listinfo/ospf > > _______________________________________________ sidr mailing list [email protected] https://www.ietf.org/mailman/listinfo/sidr
