I trust that this is a question on the sample set of requirements for the scenario I sent to Paul.
I use infrastructure and intermediaries terms interchangeably.

The scenario I had in mind is:
No heuristic support from any network infrastructure.
Only a limited number of legacy clients that require encryption, hence they are capable of upgrading.
Vast majority of legacy are ok with ESP-NULL.
Potentially many uplevel clients that require encryption.

As on the previous thread, we want to enable as many capabilities in the cross product matrix as possible. Hence it is extremely desirable for uplevel to do encryption or integrity without forcing extra infrastructure config. I.e. I'd assume that managing IP addresses on all uplevel machines that want to do encryption is prohibitive.

bs

-----Original Message-----
From: Stephen Kent [mailto:k...@bbn.com]
Sent: Wednesday, January 06, 2010 1:01 PM
To: Brian Swander
Cc: ipsec@ietf.org; Russ Housley; gabriel montenegro; Stephen Kent
Subject: RE: [IPsec] Traffic visibility - consensus call

At 7:55 PM +0000 1/6/10, Brian Swander wrote:
>I trust my clarification (to Yaron) addressed these questions. Let
>me know if there are any outstanding.
>

I understood the first two lines about lots of legacy systems, only a few of which need to perform encryption.

The next two lines were too terse for me:

"Routing infrastructure that doesn't do heuristics
Requires intermediaries that can do full ESP-NULL parsing"

If the intermediaries are part of the routing infrastructure, why use different terms in these two lines? Also within an enterprise context, one might well be able to configure the intermediaries with the addresses of the few machines that perform encryption, and which therefore are allowed to communicate with one another w/o benefit of packet inspection.

So I would not say that your response addresses my questions in the larger context.

Steve
_______________________________________________
IPsec mailing list
IPsec@ietf.org
https://www.ietf.org/mailman/listinfo/ipsec