[ipv6-wg] RIPE-501 replacement document - IPsec question to community - we need your input.
Eric Vyncke (evyncke) evyncke at cisco.com
Fri Dec 23 17:30:40 CET 2011
Jan, Let's be realistic (and the best quality of RIPE-501++ is to be realistic and 'down to the ground'): very few IPv6-nodes do IPsec... So, let's remove this requirement and make it optional (RFC 6434 clearly shows the path). Going in holiday mode: do you use SSH or telnet+IPsec ? :-) In all friendship, Season's Greetings for all -éric > -----Original Message----- > From: ipv6-wg-bounces at ripe.net [mailto:ipv6-wg-bounces at ripe.net] On Behalf > Of Jan Zorz @ go6.si > Sent: vendredi 23 décembre 2011 09:45 > To: ipv6-wg at ripe.net > Subject: [ipv6-wg] RIPE-501 replacement document - IPsec question to > community - we need your input. > > Dear IPv6 community. > > (copy/paste from our internal discussion) > > The authors of RIPE-501 are finalizing the last comments from previous > last call and would like community input for what to do with IPsec. All > authors feel that IPsec should be a mandatory requirement for all > devices although due to technical limitations, for mobile devices it > will be optional. We are aware that RFC6434 made IPsec support a SHOULD > rather than a MUST. > > From RFC 2119: SHOULD This word, or the adjective "RECOMMENDED", mean > that there may exist valid reasons in particular circumstances to ignore > a particular item, but the full implications must be understood and > carefully weighed before choosing a different course. > > The change was largely due to limitations found in low power devices and > therefore we still feel the community is best served by requiring > mandatory IPsec support in all other devices (hosts, routers or layer-3 > switches, network security devices, load balancers) > > If we get this input from you this year, there is a great chance that we > could put out the new/final draft out for discussion and/or maybe > last-last-call before new year. > > For RIPE-501 authors group, Jan > > P.S: wishing happy new year, merry xmass, happiness, IPv6 and all that > stuff in at least next year :)
[ ipv6-wg Archives ]