[ipv6-wg] RIPE-501 replacement document - IPsec question to community - we need your input.
Sander Steffann sander at steffann.nl
Tue Dec 27 23:36:51 CET 2011
Hi, >> Yes. Even if we could achieve agreement on a subset of devices where >> it's supposed to make sense, "IPsec" is really a catchphrase for a set >> of related protocols, so anyone who actually needs some of it needs to >> ask for it explicitly anyway. > > My experience differs. I have a bunch of site-to-site VPNs on IPSEC, > partially to not very large sites, and most enterprisey routers I've met > can do an IPSEC tunnel just fine. > > How many sizeable enterprises or government entities do you know that > really reside in just one building or even campus? The requirement > to be able to connect a satellite office to headquarters is not really > esoteric. I agree. We are writing a template for tender initiators for enterprises. I think we should state that IPSec is mandatory, because enterprises should have the possibility to set up IPSec site-to-site tunnels as a minimum. I think we should write it in such a way that enterprises require IPSec support when writing a request for tender, unless they consciously decide that they don't need it. So I think we should put IPSec in the 'required' section. If an enterprise knows it will not need it then they can move it to 'optional' themselves. RIPE-501 and its successor are templates to be used and adapted as necessary. We should provide a sane default, and they might (will probably?) need IPSec at some point in time. I am leaving for vacation now, so I'll eave it up to this WG to decide what to do with my input :-) Sander -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/pkcs7-signature Size: 2084 bytes Desc: not available URL: <https://lists.ripe.net/ripe/mail/archives/ipv6-wg/attachments/20111227/06cea4c0/attachment.p7s>
[ ipv6-wg Archives ]