[ipv6-wg] RIPE-501 replacement document - IPsec question to community - we need your input.
Fernando Gont fgont at si6networks.com
Fri Dec 23 11:26:54 CET 2011
Hi, Jan, On 12/23/2011 05:45 AM, Jan Zorz @ go6.si wrote: > The change was largely due to limitations found in low power devices and > therefore we still feel the community is best served by requiring > mandatory IPsec support in all other devices (hosts, routers or layer-3 > switches, network security devices, load balancers) While I have not followed the discussion that lead to MUST -> SHOULD in RFC6434 closely, I should say that it is well understood that the previous requirement of "MUST" was mostly "words on paper". Question: Does "requiring IPsec support in all other devices" mean "complying with RFC 4301"? If that's the case, you're also requiring those devices to support IKEv2. If that's intentional, I think you should make it explicit... Thanks, and Merry Christmas! Best regards, -- Fernando Gont SI6 Networks e-mail: fgont at si6networks.com PGP Fingerprint: 6666 31C6 D484 63B2 8FB1 E3C4 AE25 0D55 1D4E 7492
[ ipv6-wg Archives ]