Mark Townsley <m...@townsley.net> wrote: > My own experience attempting to use IPsec as an add-on security > solution (a.k.a. "pixie dust) for a protocol isn't all that > positive. We tried that with L2TP, and in the process failed to kill > off PPTP on windows clients. I can't tell you how many times over the > years I've had to point people to the Windows Registry setting to > disable IPsec with L2TP. OSPFv3 is another one where I get complaints > about requiring IPsec. So, I agree with Ted; We should be wary of > falling into the trap of using IPsec just because it is there.
That's a poor example for several reasons that have nothing to do with HNCP, and so I won't go into them here. (and I do have tons of L2TP code in the field, sadly) -- Michael Richardson <mcr+i...@sandelman.ca>, Sandelman Software Works -= IPv6 IoT consulting =-
pgpgaOXNHBHEk.pgp
Description: PGP signature
_______________________________________________ homenet mailing list homenet@ietf.org https://www.ietf.org/mailman/listinfo/homenet