[ipv6-wg] RIPE-501 replacement document - IPsec question to community - we need your input.

Hi,

>> Yes.  Even if we could achieve agreement on a subset of devices where
>> it's supposed to make sense, "IPsec" is really a catchphrase for a set
>> of related protocols, so anyone who actually needs some of it needs to
>> ask for it explicitly anyway.
> 
> My experience differs. I have a bunch of site-to-site VPNs on IPSEC,
> partially to not very large sites, and most enterprisey routers I've met
> can do an IPSEC tunnel just fine.
> 
> How many sizeable enterprises or government entities do you know that
> really reside in just one building or even campus? The requirement
> to be able to connect a satellite office to headquarters is not really
> esoteric.

I agree. We are writing a template for tender initiators for enterprises. I think we should state that IPSec is mandatory, because enterprises should have the possibility to set up IPSec site-to-site tunnels as a minimum. I think we should write it in such a way that enterprises  require IPSec support when writing a request for tender, unless they consciously decide that they don't need it. So I think we should put IPSec in the 'required' section. If an enterprise knows it will not need it then they can move it to 'optional' themselves. RIPE-501 and its successor are templates to be used and adapted as necessary. We should provide a sane default, and they might (will probably?) need IPSec at some point in time.

I am leaving for vacation now, so I'll eave it up to this WG to decide what to do with my input :-)
Sander

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 2084 bytes
Desc: not available
URL: </ripe/mail/archives/ipv6-wg/attachments/20111227/06cea4c0/attachment.p7s>