Linda Dunbar <[email protected]> wrote: > I believe I’ve addressed the questions you raised in our earlier email > exchanges, but please let me know if I’ve missed anything.
> Could you share your recommendation on the best path forward? Should we
> consider AD sponsorship, pursue adoption in IPsecme, or take another
> route?
1. Running Code.
2. As for rough consensus: Depends upon who is going to implement.
It seems that you need Azure, Google, AWS to implement in order to deploy.
I imagined firewall interactions with IPsec back in 1996.
https://datatracker.ietf.org/doc/draft-richardson-ipsec-traversal/
It was endhost-to-endhost AH inside security "hop"-by-hop ESP.
The problem is getting the transient trust to the intermediate hop, and that is
what I've asked about since you presented in Brisbane.
I heard that it wasn't a problem, because SDN would orchestrate, but that's a
single AS solution.
{In hindsight, the MTU issue would have killed us, had we managed to implement
it. IP-TFS ought to solve that problem now, though}
--
Michael Richardson <[email protected]> . o O ( IPv6 IøT consulting )
Sandelman Software Works Inc, Ottawa and Worldwide
signature.asc
Description: PGP signature
_______________________________________________ IPsec mailing list -- [email protected] To unsubscribe send an email to [email protected]
