Draft: draft-ietf-l3vpn-ce-based-as-00.txt
Reviewer: Harald Alvestrand [hta@google.com]
Review Date: Thursday 9/14/2006 3:28 AM CST
IETF LC Date: 9/4/2006

Summary: Mostly harmless

My biggest concern with this class of specification is that it doesn't specify anything. As I read it, it's basically a primer on the things you have to think about when creating a VPN based on Customer Edge equipment - you have to provision them from somewhere (using an unspecified protocol), you have to think about how to give them Internet access, you have to secure traffic between the devices so that nobody else can snoop on them, and you have to throw away traffic that isn't what you expected it to be.

Motherhood and apple pie, and I'm sure there's a target audience for this stuff. But there is no protocol here, there is no requirements language, there is nothing by which one can test that a particular implementation of such a VPN behaves like an "IETF-defined CE-based PPVPN", and there is not even the beginning of requirements for interoperability between vendors of CE-based VPN equipment. The most you can say is that some approaches (such as VPN over SSH) aren't part of this model.

I think the documents are coherent, well written, readable, and probably useful for some target audience. But I am hard pressed to figure out why such documents belong even in the vicinity of the IETF standards track.

I'm happy to let these two documents out as Informational. I think any such document belongs in that class. But I suspect the political waters here are deep and troubled. I wish the WG chairs and the ADs the best of luck in navigating them.

No nits worth mentioning.