Hi, On 2022-8-24, at 2:08, Christian Hopps <cho...@chopps.org> wrote: > How about we add the text "This MUST NOT be used when full admin control over > the network cannot be assured."?
"full admin control" is a necessary prerequisite to mitigate/manage issues, but not a solution in itself. This CBR ESP tunnel is basically identical to a CBR pseudowire. There was quite a bit of work/discussion between PWE3 and various transport groups in the past that resulted in a set of guidance on how such pseudowires are safe to deploy. This guidance needs to be adopted here as well (or we'll need a much longer discussion on what alternative guidance could look like and why.) Thanks, Lars
signature.asc
Description: Message signed with OpenPGP
_______________________________________________ IPsec mailing list IPsec@ietf.org https://www.ietf.org/mailman/listinfo/ipsec