On Fri, Apr 28, 2006 at 04:38:44PM -0400, Stephen Kent wrote:
> At 8:26 AM -0400 4/28/06, Sam Hartman wrote:
> ...
> Sam,
>
> I think your characterization is a good one, and I have a guess as to
> why application protocol developers are finding that they have to
> work hard to use IPsec in their environments.
>
> The IPsec WG, like most others, refined its documents based on
> feedback from list members. Most of these list members represented
> VPN vendors, but there were also host vendors represented. However,
> there were no OSPF folks involved, nor BGP folks (other than my
> interest in using IPsec to protect BGP). So it is not surprising that
> details related to other applications were not as well represented.

That's a good guess, I'm sure, but from a technical perspective, as
opposed to political/organizational, I think there are two problems:

- the lack of the kind of interfaces described in the BTNS WG
  connection latching I-D [0];

- the lack of an ad-hoc enrolment/leap-of-faith facility for IPsec
  (which should be made possible by a combination of the BTNS core
  functionality, connection latching, and the interfaces described
  in [0]).

[0] draft-ietf-btns-connection-latching-00.txt

Nico

--
Note Well: Messages sent to this mailing list are the opinions of the senders and do not imply endorsement by the IETF.