o Kivinen
> Sent: Monday, April 22, 2013 8:09 AM
> To: Stephen Hanna
> Cc: ipsec@ietf.org
> Subject: Re: [IPsec] Please Review Changes to AD VPN Problem Statement
>
> Stephen Hanna writes:
> > I agree with you that requirement 5 as currently worded
> > is too strict. W
Tero,
I agree with you that requirement 5 as currently worded
is too strict. We don't want to end up with a situation
where no ADVPN peers can participate in the establishment
of the ADVPN! On the other hand, we want to limit the
effects of the compromise of an endpoint because endpoint
compromise
I have posted a new version of the AD VPN Problem
Statement that adds clarifying text to requirements
6 and 7, as suggested by Tero. Please review and
comment. Is everyone (especially Tero) OK with the
new text?
The new draft is available at
https://datatracker.ietf.org/doc/draft-ietf-ipsecme-ad-
Vishwas and I have updated the AD VPN Problem Statement
and Requirements draft to address the comments received
on the previous version and remaining comments from
earlier email discussions. The new version is available at
https://datatracker.ietf.org/doc/draft-ietf-ipsecme-ad-vpn-problem
A summa
AM
> To: IPsecme WG
> Subject: Re: [IPsec] [ipsecme] #212: Section 2.2 should be more
> detailed.
>
> On Mar 21, 2012, at 2:29 AM, Stephen Hanna wrote:
>
> > In a simple use case we want hub and spoke topology for say
> > the DC and the branches. This would a
If that's the topic, we already have an issue (#213) for it.
Let's see if MCR will clarify what he meant here.
Thanks,
Steve
> -Original Message-
> From: Yaron Sheffer [mailto:yaronf.i...@gmail.com]
> Sent: Wednesday, March 21, 2012 7:04 PM
> To: Yoav Nir
> C
Steve
From: ipsec-boun...@ietf.org [mailto:ipsec-boun...@ietf.org] On Behalf Of
Vishwas Manral
Sent: Wednesday, March 21, 2012 3:18 PM
To: Stephen Hanna
Cc: IPsecme WG
Subject: Re: [IPsec] [ipsecme] #214: Should gateways figure things out
completely or just punt endpoints to a closer gateway?
Hi S
ks,
Steve
From: Vishwas Manral [mailto:vishwas.i...@gmail.com]
Sent: Wednesday, March 21, 2012 3:23 PM
To: Stephen Hanna
Cc: IPsecme WG
Subject: Re: [IPsec] [ipsecme] #216: Multiple interfaces or mobile endpoint
Hi Steve,
Branch routers have 3G/ 4G interfaces as backups for the primary interface and
Here's the last issue for now. If you think that I missed any,
please let me know and we'll get them added.
Thanks,
Steve
-Original Message-
From: ipsecme issue tracker [mailto:t...@tools.ietf.org]
Sent: Tuesday, March 20, 2012 7:06 PM
To: yaronf.i...@gmail.com; draft-ietf-ipsecme-p2p-v
Keeping you entertained in the week before IETF 83...
Steve
-Original Message-
From: ipsecme issue tracker [mailto:t...@tools.ietf.org]
Sent: Tuesday, March 20, 2012 7:03 PM
To: yaronf.i...@gmail.com; draft-ietf-ipsecme-p2p-vpn-prob...@tools.ietf.org
Subject: [ipsecme] #218: Exhaustive c
Another one.
Steve
-Original Message-
From: ipsecme issue tracker [mailto:t...@tools.ietf.org]
Sent: Tuesday, March 20, 2012 7:05 PM
To: yaronf.i...@gmail.com; draft-ietf-ipsecme-p2p-vpn-prob...@tools.ietf.org
Subject: [ipsecme] #220: Sec. 3.2: dangling paragraph
#220: Sec. 3.2: danglin
Please comment.
Steve
-Original Message-
From: ipsecme issue tracker [mailto:t...@tools.ietf.org]
Sent: Tuesday, March 20, 2012 7:04 PM
To: yaronf.i...@gmail.com; draft-ietf-ipsecme-p2p-vpn-prob...@tools.ietf.org
Subject: [ipsecme] #219: Star topology as an admin choice
#219: Star topol
Another issue to comment on.
Steve
-Original Message-
From: ipsecme issue tracker [mailto:t...@tools.ietf.org]
Sent: Tuesday, March 20, 2012 7:01 PM
To: yaronf.i...@gmail.com; draft-ietf-ipsecme-p2p-vpn-prob...@tools.ietf.org
Subject: [ipsecme] #217: Temporary credentials
#217: Temporar
Another issue. Please comment.
And don't miss Yaron's comment below.
Thanks,
Steve
-Original Message-
From: ipsecme issue tracker [mailto:t...@tools.ietf.org]
Sent: Tuesday, March 20, 2012 6:57 PM
To: yaronf.i...@gmail.com; draft-ietf-ipsecme-p2p-vpn-prob...@tools.ietf.org
Subject: [ip
Another issue. Please comment.
Steve
-Original Message-
From: ipsecme issue tracker [mailto:t...@tools.ietf.org]
Sent: Tuesday, March 20, 2012 7:00 PM
To: yaronf.i...@gmail.com; draft-ietf-ipsecme-p2p-vpn-prob...@tools.ietf.org
Subject: Re: [ipsecme] #215: Should traffic flow through the
Please comment on Suggested Resolution. Note that Yaron has
already supplied his comment below.
Steve
-Original Message-
From: ipsecme issue tracker [mailto:t...@tools.ietf.org]
Sent: Tuesday, March 20, 2012 6:59 PM
To: yaronf.i...@gmail.com; draft-ietf-ipsecme-p2p-vpn-prob...@tools.ietf
Another issue. Please comment on Suggested Resolution.
Thanks,
Steve
-Original Message-
From: ipsecme issue tracker [mailto:t...@tools.ietf.org]
Sent: Tuesday, March 20, 2012 6:58 PM
To: yaronf.i...@gmail.com; draft-ietf-ipsecme-p2p-vpn-prob...@tools.ietf.org
Subject: [ipsecme] #213: In
Third issue.
Steve
-Original Message-
From: ipsecme issue tracker [mailto:t...@tools.ietf.org]
Sent: Tuesday, March 20, 2012 6:57 PM
To: yaronf.i...@gmail.com; draft-ietf-ipsecme-p2p-vpn-prob...@tools.ietf.org
Subject: [ipsecme] #212: Section 2.2 should be more detailed.
#212: Section 2
Second issue. Please comment on the suggested resolution.
Thanks,
Steve
-Original Message-
From: ipsecme issue tracker [mailto:t...@tools.ietf.org]
Sent: Tuesday, March 20, 2012 6:49 PM
To: yaronf.i...@gmail.com; draft-ietf-ipsecme-p2p-vpn-prob...@tools.ietf.org
Subject: [ipsecme] #211:
With Yaron's help, I have reviewed all the email traffic
regarding draft-ietf-ipsecme-p2p-vpn-problem-00.txt and
created tickets for all the issues in the ipsecme trac
database, including a proposed resolution for each issue.
Although you can access the issues online through the
trac database, the
Here's the first issue. So far, it has been the most
contentious one! Interesting that it's the least
technical issue. H.
Anyway, if you're not happy with the proposed resolution,
please suggest another. And if you support this idea,
please say so.
Thanks,
Steve
-Original Message-
F
I'm concerned that people expect "ad hoc VPN" to include VPN connections
between endpoints with no prior trust relationship.
Thanks,
Steve
From: ipsec-boun...@ietf.org [mailto:ipsec-boun...@ietf.org] On Behalf Of Mark
Boltz
Sent: Monday, March 19, 2012 2:12 PM
To: IPsecme WG
Subject: Re: [IPse
Message-
> From: Ulliott, Chris [mailto:chris.ulli...@cesg.gsi.gov.uk]
> Sent: Monday, March 12, 2012 7:16 PM
> To: 'm...@cisco.com'; Stephen Hanna
> Cc: 'ipsec@ietf.org'
> Subject: Re: [IPsec] P2P VPN draft UNCLASSIFIED
>
> Classification:UNCLASSIFIED
&g
st welcome.
Thanks,
Steve
> -Original Message-
> From: Mike Sullenberger [mailto:m...@cisco.com]
> Sent: Monday, March 12, 2012 6:57 PM
> To: Stephen Hanna
> Cc: ipsec@ietf.org; chris.ulli...@cesg.gsi.gov.uk
> Subject: Re: [IPsec] P2P VPN draft UNCLASSIFIED
>
> Steve
Upon reflection, I can see how "Point to Point VPNs" is problematic
as a description of the problem. Really it's more about dynamically
creating SAs so that any endpoint or gateway can communicate directly
with any other, as permitted by policy. And how can we do this in a
manageable manner in a la
connection between two "end-sites" might be
needed? I can add that as an example in the next version of the draft.
SH> And thanks for volunteering to participate in formulating the problem
statement and the solutions. That's great!
Take care,
Steve
From: Vishwas Manral [mailto
In case you didn't notice, I have posted the -00 version
of the P2P VPN problem statement. The URL is below.
Please review and comment.
I'm especially interested in getting feedback on the
use cases in this document. As previously agreed, they
are based on the use cases in section 2.2 of the
previ
Mark,
Thanks for stepping forward to help with the problem statement
and with reviewing the various drafts. In order to maximize the
open discussion of these drafts, I think it's best to conduct
these discussions on the public ipsec email list. Therefore,
I'll be posting a first draft of the probl
Paul,
Sorry to be late in responding. I've been working with other
Juniper folks to figure out which of us should volunteer to
edit the P2P VPN problem statement. But never mind about that.
I am willing to edit the P2P VPN problem statement document.
I know that we need to have a draft promptly a
Yes, I definitely think this is a good idea.
Thanks,
Steve
> -Original Message-
> From: ipsec-boun...@ietf.org [mailto:ipsec-boun...@ietf.org] On Behalf
> Of Yoav Nir
> Sent: Monday, December 12, 2011 4:45 AM
> To: IPsecme WG
> Cc: Paul Hoffman
> Subject: Re: [IPsec] Large Scale VPN
>
>
The conclusion of Wednesday night's P2P VPN side meeting
was that we would start a new thread on the proposed
ipsecme charter change and resolve the open questions
by email. Let's start off with the text that came out
of Wednesday's meeting and the questions raised there.
The text from the meeting
Here are the notes that I took during Wednesday
night's side meeting on P2P VPN. Please send any
corrections to the list.
Thanks,
Steve
--
Notes from November 16, 2011 P2P VPN Side Meeting
at IETF 82
Steve Hanna took notes. He did not duplicate the
slide content but focused on the disc
The audio streaming in the room is not working so
we'll be using Webex for remote audio. All
presenters and speakers will use headsets or
PC mikes for speaking.
Please join the Webex below and get audio
there.
Thanks,
Steve
> -Original Message-
> From: ipsec-boun...@ietf.org [mailto:ips
I think we will benefit greatly if we focus tonight's
meeting mainly on discussion of and perhaps agreement
on the PROBLEM TO BE SOLVED.
Comparison and analysis of proposed solutions should
wait until we have agreed on the problem statement
and the requirements derived from that. And, as we've
jus
: Geoffrey Huang; Stephen Hanna
Cc: ipsec@ietf.org
Subject: Re: [IPsec] New -00 draft: Creating Large Scale Mesh VPNs Problem
Well, there is a free room between 1300-1500 on Wednesday, but then we're
opposite WebSec, and I can't attend.
Our best bet is to do it after the Plenary. The pl
I'm concerned about using DNS as the introducer here. Doing this
securely requires DNS records to be updated, signed, and distributed
whenever a new "satellite" gateway or host arrives or departs.
That's cumbersome, expensive, and complex since it requires
interfacing the IPsec and DNSSEC infrastru
36 matches
Mail list logo