[ipv6-wg] RIPE-501 replacement document - IPsec question tocommunity - we need your input.
Merike Kaeo merike at doubleshotsecurity.com
Tue Dec 27 17:08:51 CET 2011
On Dec 27, 2011, at 7:43 AM, Eric Vyncke (evyncke) wrote: > I think that we should keep IPsec/IKEv2 only for firewall and mention to any place where OSPFv3 is mentioned that the support of AH is required. Is there an RFC that now states that IPsec AH for OSPFv3 is a 'MUST' or 'SHOULD' and not a 'MAY'? Last I recall the specifics for how to implement IPsec for OSPFv3 are in RFC4552 and states that ESP is a 'MUST' and AH is a 'MAY'. The arguments for AH and ESP-Null were also on the IPv6 Maintenance WG mailing list in Feb/March 2008 and I don't think the standard changed. - merike > >> -----Original Message----- >> From: ipv6-wg-bounces at ripe.net [mailto:ipv6-wg-bounces at ripe.net] On Behalf >> Of Florian Weimer >> Sent: mardi 27 décembre 2011 13:41 >> To: Jan Zorz @ go6.si >> Cc: ipv6-wg at ripe.net >> Subject: Re: [ipv6-wg] RIPE-501 replacement document - IPsec question >> tocommunity - we need your input. >> >> * Jan Zorz: >> >>> On 12/27/11 10:15 AM, Florian Weimer wrote: >>>> Most devices use TLS. >>>> >>>> I agree with dropping IPsec from the document completely, indepedent of >>>> device type. >> >>> So you suggest not mentioning IPsec in any form at all in whole >>> document? Am I reading this correctly? >> >> Yes. Even if we could achieve agreement on a subset of devices where >> it's supposed to make sense, "IPsec" is really a catchphrase for a set >> of related protocols, so anyone who actually needs some of it needs to >> ask for it explicitly anyway. >> >> -- >> Florian Weimer <fweimer at bfk.de> >> BFK edv-consulting GmbH http://www.bfk.de/ >> Kriegsstraße 100 tel: +49-721-96201-1 >> D-76133 Karlsruhe fax: +49-721-96201-99 > > >
[ ipv6-wg Archives ]