On Dec 8, 2011, at 12:00 PM, Yoav Nir wrote:

> 
> On Dec 8, 2011, at 6:04 PM, Paul Hoffman wrote:
> 
>> 
>> On Dec 8, 2011, at 1:55 AM, Yoav Nir wrote:
>> 
>>> In an environment with many IPsec gateways and remote clients that share an 
>>> established trust infrastructure (in a single administrative domain or 
>>> across multiple domains), customers want to get on-demand mesh IPsec 
>>> capability for efficiency. However, this cannot be feasibly accomplished 
>>> only with today's IPsec and IKE due to problems with address lookup, 
>>> reachability, policy configuration, etc.
>> 
>> I don't think "mesh" is a well-defined term here. How about "point-to-point"?
> 
> Point to point sounds to me too much like the old host-to-host IPsec idea 
> that never quite took off.

The points can be (and are likely to be) gateways.

> I know this is part of Chris's use case, but I don't think that's our main 
> focus. I can live with either point-to-point or mesh, but either way we'll 
> have to define it in the first deliverable.

I believe that we need to have a sensible definition for the charter.

Is there a good definition of "mesh VPN" we can add to the proposed charter 
text? Is there a preference for "point-to-point", maybe with a better 
definition?

--Paul Hoffman

_______________________________________________
IPsec mailing list
IPsec@ietf.org
https://www.ietf.org/mailman/listinfo/ipsec
