>>>>> "Tero" == Tero Kivinen <kivi...@iki.fi> writes: Tero> This means that we might need to add creation of temporary Tero> credentials to the protocol.
This is an interesting question. I think the requirements document needs to either make this in scope or make it out of scope by requiring re-usable mechanisms of authentication. Tero> In section 3.2 about star topology it should be noted, that Tero> quite often adminstrators do require star topology because Tero> they want to do some kind of inspection for all traffic inside Tero> the vpn. This kind of policy might make it impossible to do Tero> endpoint to endpoint connections, and might limit which kind Tero> of gateway to gateway cases are allowed. So, then don't deploy DMVPN or whatever it's gonna be called. Is this for the applicability statement then? -- ] He who is tired of Weird Al is tired of life! | firewalls [ ] Michael Richardson, Sandelman Software Works, Ottawa, ON |net architect[ ] m...@sandelman.ottawa.on.ca http://www.sandelman.ottawa.on.ca/ |device driver[ Kyoto Plus: watch the video <http://www.youtube.com/watch?v=kzx1ycLXQSE> then sign the petition. _______________________________________________ IPsec mailing list IPsec@ietf.org https://www.ietf.org/mailman/listinfo/ipsec