[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
draft-ietf-ppvpn-requirements-06.txt
This is a requirements document -- shouldn't it use SHOULD and MUST,
instead of should and must?
3.7: Encryption keys need great care in handling, and should not be
readable by management systems.
4.5: Why must VPNs imply NAT? A VPN is, by definition, private;
address space usage is thus among consenting parties. If there are
non-uniqe address clouds among them, some form of NAT may be needed,
but why is that part of the VPN definition? (Same for 5.3)
5.1: That's out of scope -- it's business decision by the parties
involved.
5.9: I don't understnd the text "Security services shall apply to...
or, a subset of the VPN traffic between sites...". Is that referring
to customer use of IPsec, with add-on security by the provider? Also,
what is the "AH or ESP identifier"? The IP protocol number for them?
6.9.1: Extending IPsec? Not at this time; that WG needs to finish.
6.9.3: address-hiding? Also, why is a firewall a necessary part of a
PPVPN?
6.10.3: The mind boggles. I didn't think we knew how to do some of
that intra-provider, let alone inter-provider for multiple PPVPNs.
--Steve Bellovin, http://www.research.att.com/~smb (me)
http://www.wilyhacker.com (2nd edition of "Firewalls" book)