> This is the start of 2 week WG adoption call for this document, ending
> 2021-11-22. Please send your reply about whether you support adopting
> this document as WG document or not.I have browsed through the document. I don't know if the mechanism is correct or not. I think that Paul Wouters' email seems correct to me. I think that there is an interaction with provisioning domains (PvD) which is not spelled out. The remote access "VPN" is usually a provisioning domain these days. In general, I don't think that split-DNS is a good thing. I don't think that sending all traffic through the VPN is a good thing. Almost everyone that I know, that has any kind of VPN, has more than one potentially active at the same time. (but my friends are mostly consultants like me). So I object to the entire notion that we need to do anything at all: there are way better solutions than split-dns, and I think we should stop pandering to enterprises that live in the dark-ages of 1992 IPv4. Do any of them actually pay to upgrade/replace their VPN gateway boxes such that they'd actually get this new code? Are the split-dns or die enthusiasts running IKEv1 w/3DES+MD5? Having said this, I do not object to the WG doing this work, but I won't be taking time to review it. -- Michael Richardson <mcr+i...@sandelman.ca>, Sandelman Software Works -= IPv6 IoT consulting =-
signature.asc
Description: PGP signature
_______________________________________________ IPsec mailing list IPsec@ietf.org https://www.ietf.org/mailman/listinfo/ipsec
