Michael Richardson wrote:

>>>>>> "Masataka" == Masataka Ohta<mohta@xxxxxxxxxxxxxxxxxxxxxxxxxx> writes:
>     Masataka> My context is IPsec in the Internet, which excludes VPNs.
>
>     Masataka> Do you know some major application over the Internet using
>     Masataka> IPsec with transport mode?
>
> Why the restriction of *over*?
> Dozens of IETF specifications are not used *over* the Internet, but only
> over IP.

Because IPv6 and IPsec were designed for the Internet.

See, for example, RFC1825 saying:

   Widespread deployment and use of IP security will require an
   Internet-standard scalable key management protocol.

If it were possible to have a universal PKI over the Internet,
IPsec could have succeeded and IPv6 security myths could have
been real.

However, the reality is that there can be no such thing as a
universal PKI.

Note again that ICMPv6 messages were considered to be
authenticated by IPsec through the hypothetical universal
PKI.

Masataka Ohta

_______________________________________________
Ietf mailing list
Ietf@xxxxxxxx
https://www.ietf.org/mailman/listinfo/ietf