
Re: [saag] IPsec spec problems



On Fri, Apr 28, 2006 at 06:25:25PM -0400, Sam Hartman wrote:
> Nico, while I agree that work in BTNS is important, and while I agree
> that all needs to happen, I actually think that there is more to
> helping these requirements than a small number of technical point
> solutions.  I'll note that the OSPF case was difficult even though it
> really didn't have connection latching issues (you protected all OSPF
> traffic) and did not require leap of faith.

Oh, I didn't mean to say that there were only technical issues.

Also, it's important to note that connection latching doesn't require
TCP, SCTP connections -- a latch can encompass all traffic for OSPF
between two nodes, for example.

Easy credentialling via enrolment or LoF wouldn't help OSPF?

> So, I agree that BTNS is part of the picture.  But don't
> underestimate the importance of conceptual models, BCPs like Steve
> Bellovin's use IPsec document, etc.

I don't, but I think many applications, such as iSCSI, BGP and maybe
even OSPF, would greatly benefit from having better programmatic
interfaces to IPsec, and that specifications for how to use IPsec with
such applications would gain formalism from making reference to such
programmatic interfaces.

Nico
-- 


Note Well: Messages sent to this mailing list are the opinions of the senders and do not imply endorsement by the IETF.