Re: R41 in draft-ietf-v6ops-cpe-simple-security-07
On Wed, 29 Jul 2009 11:36:58 +0200, james woodyatt <jhw@apple.com> wrote:
> On Jul 29, 2009, at 11:21, Iljitsch van Beijnum wrote:
>> On 29 jul 2009, at 10:22, james woodyatt wrote:
>>
>>> As long as the current treatment of IPsec AH, ESP and IKE remains
>>> in the draft as is, I have no objection as an individual
>>> contributor to removing recommendation R41.
>>
>> I do. Using IPsec may be a viable solution for a vendor who controls
>> both ends of the connection, but if I simply want to run a web
>> server in my home or be able to ssh into my systems that's not a
>> very good solution. A solution that allows applications to receive
>> incoming sessions in some automated way is much better.
>
> Anybody want to second Iljitsch's comment? If so, and no one objects,
> then I'll drop the proposal to remove R41 from the draft.
Either we have a way to push holes programmatically, or we have a way to
configure IPsec programmatically, or both. Currently we have neither of
them.
Just think about it. SSL/TLS is a wide success because any application can
use it. IPsec is a failure, not only because of firewall/NATs, but
also because it is not "programmable"?
--
Rémi Denis-Courmont