Classification: UNCLASSIFIED

If a valid address range could include /32's, i.e. a single host, I'd agree.

Chris

[This message has been sent by a mobile device]

----- Original Message -----
From: Paul Hoffman <[email protected]>
To: Ulliott, Chris
Cc: IPsecme WG <[email protected]>
Sent: Fri Oct 28 18:07:07 2011
Subject: Re: [IPsec] New -00 draft: Creating Large Scale Mesh VPNs Problem Statement

On Oct 28, 2011, at 9:01 AM, Ulliott, Chris wrote:

> So the assumption I've always had is that a spoke knows two things:
>
> 1) a method to identify the next cryptographic hop
> 2) a method to determine if it's allowed to talk to a specific cryptographic
> hop once identified.
>
> The second point could be solved through PKI and policy (although we need a
> standard way to apply this) and the first could be solved through numerous
> methods... the challenge is to find a standard way that all vendors are
> willing to implement :-)

The first point needs to be a bit more specific: "a method to identify the next cryptographic hop towards a particular address range".

--Paul Hoffman
