draft-ietf-ppvpn-requirements
3.3 It might be worth clarifying that extranets often have port
number restrictions, as well as host restrictions.
4.5 strongly suggests NAT. Do we really want to encourage that sort of
thing? It even speaks of non-IP NAT, which is certainly not our
business.
5.9 There is text about how customer security measures must not hide
QoS information from the SP. That's very wrong. At least, it's wrong
if they mean "you must show us port numbers". But more fundamentally,
it says "a security solution deployed by a customer must not hide
information...". I don't think this document should be specifying that
sort of requirement for customer behavior.
6.9.1 Replay protection has nothing to do with man-in-the-middle
attacks.
DES is deprecated and shouldn't be suggested here. AES should
be listed.
--Steve Bellovin, http://www.research.att.com/~smb (me)
http://www.wilyhacker.com (2nd edition of "Firewalls" book)