I will second his comment. You don't really need both ends to be "controlled by the same vendor", but you certainly need some trust relationship between them. Which you don't have in many important cases. If we had opportunistic IPsec plus a good API in place, it would be a good solution. IMHO, we're not there yet. Thanks, Yaron > -----Original Message----- > From: owner-v6ops@ops.ietf.org [mailto:owner-v6ops@ops.ietf.org] On Behalf > Of james woodyatt > Sent: Wednesday, July 29, 2009 11:37 > To: Iljitsch van Beijnum > Cc: IPv6 Operations > Subject: Re: R41 in draft-ietf-v6ops-cpe-simple-security-07 > > On Jul 29, 2009, at 11:21, Iljitsch van Beijnum wrote: > > On 29 jul 2009, at 10:22, james woodyatt wrote: > > > >> As long as the current treatment of IPsec AH, ESP and IKE remains > >> in the draft as is, I have no objection as an individual > >> contributor to removing recommendation R41. > > > > I do. Using IPsec may be a viable solution for a vendor who controls > > both ends of the connection, but if I simply want to run a web > > server in my home or be able to ssh into my systems that's not a > > very good solution. A solution that allows applications to receive > > incoming sessions in some automated way is much better. > > Anybody want to second Iljitsch's comment? If so, and no one objects, > then I'll drop the proposal to remove R41 from the draft. > > > -- > james woodyatt <jhw@apple.com> > member of technical staff, communications engineering > > > > > Scanned by Check Point Total Security Gateway.
Attachment:
smime.p7s
Description: S/MIME cryptographic signature