?completeness of IPsec feature-set

netdev.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

From: "John S. Denker" <jsd@monmouth.com>
To: netdev <netdev@oss.sgi.com>
Subject: ?completeness of IPsec feature-set
Date: Thu, 27 Mar 2003 06:13:59 -0500	[thread overview]
Message-ID: <3E82DCF7.7090706@monmouth.com> (raw)

Hi --

I've been unable to find much discussion of what IPsec
features should be built into 2.5 / 2.6 to ensure a
reasonable level of usability and scalability.

For example, consider the challenge of establishing an
ordinary VPN where N-1 of the gateways have changeable
wild-side IP addresses.  AFAICT nobody knows how to get
racoon to do this.

People were hoping that the new IPsec implementation
would be a step forward.  If it can't support road
warriors it might be considered a step backwards.

Mr. Atkins recently offered to look into the road-warrior
issue in particular ...
http://lists.freeswan.org/pipermail/design/2003-March/004575.html

... but the overall question remains:  What has been
done to ensure completeness and coherence of the
design in general?

Is there a document somewhere listing the set of
desirable features and the status thereof?  If not,
it's high time to create one.

If you want to know what sort of features I'm talking
about, please see
http://www.monmouth.com/~jsd/vpn/ipsec+routing/feature-list.htm

Some of the listed features are obvious and already implemented
or at least promised.  But others may be less obvious and their
status is not clear.

next             reply	other threads:[~2003-03-27 11:13 UTC|newest]

Thread overview: 8+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2003-03-27 11:13 John S. Denker [this message]
2003-03-27 13:36 ` ?completeness of IPsec feature-set bert hubert
2003-03-27 21:48   ` John S. Denker
2003-03-27 21:58     ` bert hubert
2003-03-27 22:58       ` John S. Denker
2003-03-27 23:21       ` James Morris
2003-03-28  6:32       ` Pekka Savola
2003-03-28 10:19         ` bert hubert

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=3E82DCF7.7090706@monmouth.com \
    --to=jsd@monmouth.com \
    --cc=netdev@oss.sgi.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).