[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: draft-jones-opsec-01.txt comments: in-band management

To: gmj@pobox.com,"Joel N. Weber II" <ietf-opsec@joelweber.com>
Subject: Re: draft-jones-opsec-01.txt comments: in-band management
From: Merike Kaeo <kaeo@merike.com>
Date: Fri, 24 Oct 2003 17:43:16 -0700
Cc: opsec@ops.ietf.org
In-reply-to: <Pine.LNX.4.53.0310241634510.18528@mall.pulltheplug.com>
References: <E1ACjKL-00039v-00@xanthine.gratuitous.org> <Pine.LNX.4.53.0309180944000.14813@mall.pulltheplug.com> <E19pxTV-0004du-00@xanthine.gratuitous.org> <Pine.LNX.4.53.0308261246570.12054@mall.pulltheplug.com> <E19zpMk-0007kg-00@xanthine.gratuitous.org> <Pine.LNX.4.53.0309180944000.14813@mall.pulltheplug.com> <5.2.1.1.2.20031023002110.027b3398@mail.merike.com> <E1ACjKL-00039v-00@xanthine.gratuitous.org>

At 04:56 PM 10/24/2003 -0400, George Jones wrote:

On Thu, 23 Oct 2003, Joel N. Weber II wrote:

> It seems like opsec is not really the right scope to be mandating
> lowest common denominator profiles for IPsec.  I think we ought to be
> able to just say ``IPsec'', and let the IPsec people take care of the
> rest.

Thank-you. Agreed.

The group is shutting down and it won't get done in the IPsec wg but miracles may still happen....I just figured if we were doing it for RS-232 then why not IPsec......(lets not waste bw debating this if I'm the only one on my side....I'm fine with not including it and have other ideas on how to maybe fix the vendor default issue)

Right.  If someone can show succes stories of quick, painless rollout
of IPsec in a large multi-vendor environemnt without the need to get
vendors and testing labs involved to resolve incompatabilites and
point a 5 page or less "Here's how I did it, and how you can do it to"
writeup" I'd be willing to be convinced.

I was looking more at creating a single default management IPsec profile so that vendors would look to the profile for creating a uniform default template and help avoid some pain for users in configuring IPsec. Less parameters to configure, less pain. Maybe? Is *anyone* on this list using IPsec to manage their routers/switches?

- merike

References:
- Re: draft-jones-opsec-01.txt comments: in-band management
  - From: "Joel N. Weber II" <ietf-opsec@joelweber.com>
- Re: [spam score 5/10 -pobox] draft-jones-opsec-01.txt comments
  - From: George Jones <gmj@pobox.com>
- Re: [spam score 5/10 -pobox] draft-jones-opsec-01.txt comments
  - From: George Jones <gmj@pobox.com>
- Re: [spam score 5/10 -pobox] draft-jones-opsec-01.txt comments
  - From: "Joel N. Weber II" <ietf-opsec@joelweber.com>
- Re: draft-jones-opsec-01.txt comments: in-band management
  - From: Merike Kaeo <kaeo@merike.com>
- Re: draft-jones-opsec-01.txt comments: in-band management
  - From: George Jones <gmj@pobox.com>

Prev by Date: Re: [spam score 5/10 -pobox] draft-jones-opsec-01.txt comments
Next by Date: Re: User Readable Config File (2.4.7)
Previous by thread: Re: draft-jones-opsec-01.txt comments: in-band management
Next by thread: Re: draft-jones-opsec-01.txt comments: in-band management
Index(es):
- Date
- Thread