-DWard On Sep 30, 2008, at 10:42 AM, Vishwas Manral wrote:
Hi Acee,I agree to what you say and the general sense of the room in the KMART BOF.That is the reason I proposed a BTNS based solution. Which uses GTSM in the IKe to do the first level security. Also as IGP run within an administrative domain we can actually do without third party verification. Hi Dave, Thanks for your help and shepherding as always. The issue about adopting the draft was raised in the OPSEC WG by the chair Joel, however we only had a handful of mails saying the draft was within the scope (though none were opposed to it). Thanks, Vishwas On 9/30/08, Acee Lindem <acee at redback.com> wrote:One thing to take into consideration is that the outcome of our KMART BOF was that nobody deploying networks wanted routing infra-structure based on a third-part verified certificates. Thanks, Acee On Sep 30, 2008, at 10:57 AM, David Ward wrote:Directions are to send your draft to opsec WG. To get it on their charter, you have to request the doc to become a WG item and then discussion will follow -DWard On Sep 29, 2008, at 8:53 PM, Vishwas Manral wrote:Hi Sandy,Thanks for refering to my draft in your mail. The same was presentedby Dave (Ward) in the last IETF. Regarding the state of the draft,because the RPSEC is closing down, we have been trying to find a homefor the draft. We can also solve the problem similarly by something likeBTNS(ofcourse Multicast part needs to be thought further) which does not necessarily require any certificate verification - so we may haveunauthenticated IKE SA's but then all keys for the CHILD_SA from there are automatically generated. Thanks, Vishwas_______________________________________________ OSPF mailing list OSPF at ietf.org https://www.ietf.org/mailman/listinfo/ospf
_______________________________________________ RPSEC mailing list RPSEC at ietf.org https://www.ietf.org/mailman/listinfo/rpsec