This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/ipv6-wg@ripe.net/
[ipv6-wg] RIPE-501 replacement document - IPsec question to community - we need your input.
- Previous message (by thread): [ipv6-wg] RIPE-501 replacement document - IPsec question to community - we need your input.
- Next message (by thread): [ipv6-wg] RIPE-501 replacement document - IPsec question to community - we need your input.
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Sander Steffann
sander at steffann.nl
Tue Dec 27 23:36:51 CET 2011
Hi, >> Yes. Even if we could achieve agreement on a subset of devices where >> it's supposed to make sense, "IPsec" is really a catchphrase for a set >> of related protocols, so anyone who actually needs some of it needs to >> ask for it explicitly anyway. > > My experience differs. I have a bunch of site-to-site VPNs on IPSEC, > partially to not very large sites, and most enterprisey routers I've met > can do an IPSEC tunnel just fine. > > How many sizeable enterprises or government entities do you know that > really reside in just one building or even campus? The requirement > to be able to connect a satellite office to headquarters is not really > esoteric. I agree. We are writing a template for tender initiators for enterprises. I think we should state that IPSec is mandatory, because enterprises should have the possibility to set up IPSec site-to-site tunnels as a minimum. I think we should write it in such a way that enterprises require IPSec support when writing a request for tender, unless they consciously decide that they don't need it. So I think we should put IPSec in the 'required' section. If an enterprise knows it will not need it then they can move it to 'optional' themselves. RIPE-501 and its successor are templates to be used and adapted as necessary. We should provide a sane default, and they might (will probably?) need IPSec at some point in time. I am leaving for vacation now, so I'll eave it up to this WG to decide what to do with my input :-) Sander -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/pkcs7-signature Size: 2084 bytes Desc: not available URL: </ripe/mail/archives/ipv6-wg/attachments/20111227/06cea4c0/attachment.p7s>
- Previous message (by thread): [ipv6-wg] RIPE-501 replacement document - IPsec question to community - we need your input.
- Next message (by thread): [ipv6-wg] RIPE-501 replacement document - IPsec question to community - we need your input.
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
[ ipv6-wg Archives ]