On Oct 31, 2010, at 12:00 AM, Masataka Ohta wrote:

> TJ wrote:
>> I would be quite curious to know your definition of failure, given that
>> IPsec is currently deployed, and working in "more than a few" deployments
>> ...
>
> Sorry for lack of clarification.
> My context is IPsec in the Internet, which excludes VPNs.

That's a strange exclusion, considering VPNs have been the primary use-case for IPsec over the Internet.

> Do you know some major application over the Internet using IPsec
> with transport mode?

Yes: SIP. SIP/UDP over IPsec in transport mode on the Internet is not uncommon. Arguably more common than SIP over TLS, anyway... though that's expected to change. (and of course SIP over IPsec or TLS are both noise compared with plain SIP over UDP)

Also, Femtocells running various protocols typically use IPsec over the Internet, though in tunnel mode I believe - but one wouldn't think of it as being a "VPN" in the traditional sense.

Oh, and I believe storage/SAN (FCIP, iFCP, iSCSI) use IPsec over the Internet; or at least the IPsec chip vendors seem to focus on those markets a lot. Though again in tunnel mode I think, but not a classic "VPN" use.

The Internet is big and diverse - not everything is HTTP and DNS. ;)

-hadriel

_______________________________________________
Ietf mailing list
Ietf@xxxxxxxx
https://www.ietf.org/mailman/listinfo/ietf