[ipv6-wg] RIPE-501 replacement document - IPsec question tocommunity - we need your input.
Leo Vegoda leo.vegoda at icann.org
Tue Dec 27 17:44:42 CET 2011
Hi, On Dec 27, 2011, at 8:08 am, Merike Kaeo wrote: > On Dec 27, 2011, at 7:43 AM, Eric Vyncke (evyncke) wrote: > >> I think that we should keep IPsec/IKEv2 only for firewall and mention to any place where OSPFv3 is mentioned that the support of AH is required. > > Is there an RFC that now states that IPsec AH for OSPFv3 is a 'MUST' or 'SHOULD' and not a 'MAY'? Last I recall the specifics for how to implement IPsec for OSPFv3 are in RFC4552 and states that ESP is a 'MUST' and AH is a 'MAY'. There is an unverified errata report that reverses those key words: http://www.rfc-editor.org/errata_search.php?rfc=4552 It'll be interesting to see if its status is ever changed to verified. Regards, Leo
[ ipv6-wg Archives ]