[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

draft-ietf-ppvpn-requirements-06.txt

To: iesg-secretary@ietf.org
Subject: draft-ietf-ppvpn-requirements-06.txt
From: Steve Bellovin <smb@research.att.com>
Date: Wed, 14 May 2003 21:30:47 -0400
Cc: iesg@ietf.org

This is a requirements document -- shouldn't it use SHOULD and MUST, 
instead of should and must?

3.7: Encryption keys need great care in handling, and should not be 
readable by management systems.

4.5: Why must VPNs imply NAT?  A VPN is, by definition, private; 
address space usage is thus among consenting parties.  If there are 
non-uniqe address clouds among them, some form of NAT may be needed, 
but why is that part of the VPN definition?  (Same for 5.3)

5.1:  That's out of scope -- it's business decision by the parties 
involved.

5.9: I don't understnd the text "Security services shall apply to...
or, a subset of the VPN traffic between sites...".  Is that referring 
to customer use of IPsec, with add-on security by the provider?  Also, 
what is the "AH or ESP identifier"?  The IP protocol number for them?

6.9.1: Extending IPsec?  Not at this time; that WG needs to finish.

6.9.3: address-hiding?  Also, why is a firewall a necessary part of a 
PPVPN?

6.10.3: The mind boggles.  I didn't think we knew how to do some of 
that intra-provider, let alone inter-provider for multiple PPVPNs.


		--Steve Bellovin, http://www.research.att.com/~smb (me)
		http://www.wilyhacker.com (2nd edition of "Firewalls" book)

Prev by Date: Re: Last Call: NIS Configuration Options for DHCPv6 to Proposed Standard
Next by Date: RE: Last Call: RADIUS Support For Extensible Authentication Protocol (EAP) to Informational
Previous by thread: draft-ietf-ppvpn-requirements-06.txt
Next by thread: draft-ietf-ppvpn-requirements-06.txt
Index(es):
- Date
- Thread