
Re: TED poll (Re: Draft Minutes from IPSP WG Mtg at 52st IETF)





>>>>>  "Lee" == Lee Rafalow <rafalow@xxxxxxxxxxxxxx> writes:
     Lee> I was, I think, the only "few objections" to pursuing gateway
     Lee> discovery. 
     Lee> The reason I objected is that if we're going to have a protocol
     Lee> that publishes policy to anyone who asks and that only works for a
     Lee> subset of the 

   Keeping policy information confidential is a goal (not always achievable),
although I see that it has slipped out of the requirements document. I'll add
it back.

     Lee> network, we can do much, much better with an existing protocol: LDAP.
     Lee> Define a schema (based on the ICPM + topology).  The installation
     Lee> can then 

   And what key would you use to look up the policy in this "global 
LDAP database"?

   If you wish, you may think of tunnel endpoint discovery as potentially
discovering an address of an LDAP server along with an index into its database.

]       ON HUMILITY: to err is human. To moo, bovine.           |  firewalls  [
]   Michael Richardson, Sandelman Software Works, Ottawa, ON    |net architect[
] mcr@xxxxxxxxxxxxxxxxxxxxxx http://www.sandelman.ottawa.on.ca/ |device driver[
] panic("Just another NetBSD/notebook using, kernel hacking, security guy");  [

