> On Sep 23, 2014, at 7:22 PM, Michael Richardson <mcr+i...@sandelman.ca> wrote:
>
> Mark Townsley <m...@townsley.net> wrote:
>> My own experience attempting to use IPsec as an add-on security
>> solution (a.k.a. "pixie dust") for a protocol isn't all that
>> positive. We tried that with L2TP, and in the process failed to kill
>> off PPTP on windows clients. I can't tell you how many times over the
>> years I've had to point people to the Windows Registry setting to
>> disable IPsec with L2TP. OSPFv3 is another one where I get complaints
>> about requiring IPsec. So, I agree with Ted; we should be wary of
>> falling into the trap of using IPsec just because it is there.
>
> That's a poor example for several reasons that have nothing to do with HNCP,
> and so I won't go into them here. (and I do have tons of L2TP code in the
> field, sadly)

Michael,

Back in '97 or so, the IETF weighed draft-ietf-pppext-l2tp-sec vs. L2TP+IPsec, and chose the latter (now RFC 3193). Some of this thread reminds me of discussions we had at that time, not just HNCP+IPsec vs. "HNCPsec" on the wire, but also whether we consider key config and such within HNCP alone or more holistically.

Everyone has their own reference historical points to draw from, that was just my own. Sorry it didn't work for you!

Cheers,

- Mark

> --
> Michael Richardson <mcr+i...@sandelman.ca>, Sandelman Software Works
> -= IPv6 IoT consulting =-

_______________________________________________
homenet mailing list
homenet@ietf.org
https://www.ietf.org/mailman/listinfo/homenet