[ipv6-wg] RIPE-501 and IPSEC on CPEs
- Previous message (by thread): [ipv6-wg] RIPE-501 and IPSEC on CPEs
- Next message (by thread): [ipv6-wg] RIPE-501 and IPSEC on CPEs
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Merike Kaeo
merike at doubleshotsecurity.com
Tue Jul 26 19:24:42 CEST 2011
On Jul 26, 2011, at 9:04 AM, Jan Zorz @ go6.si wrote: > On 7/26/11 3:44 PM, Ole Troan wrote: >>>> My suggestion would be to add (in addition to RFC6204 in >>>> mandatory): >>>> >>>> "If this specification is used for business class CPE, then >>>> IPsec-v2 [RFC2401, RFC2406, RFC2402], IKE version 2 (IKEv2) >>>> [RFC4306, RFC4718] and ISAKMP [RFC2407, RFC2408, RFC2409] must be >>>> supported in addition to RFC6204 requirements" >>> >>> Any opinions from the WG on this? Otherwise I would add this to the >>> spec. >>> >>> Ole? >> >> on the fence, but if I had to fall down on one side I think its OK. >> perhaps a should? it really depends on the deployment. not all >> business deployments require VPNs. which presume is what is the >> underlaying reason for requiring this? > > Ole, thnx for kicking in... > > So, did you mean something like this in Optional section: > > "If this specification is used for business class CPE, then it is highly recommended, that IPsec-v2 [RFC2401, RFC2406, RFC2402], IKE version 2 (IKEv2) [RFC4306, RFC4718] and ISAKMP [RFC2407, RFC2408, RFC2409] are unconditionally required in addition to RFC6204 requirements" > > Would that work? > > What others think? The document lists mandatory and optional requirements. I think we should stick to this model. I like this new wording for the optional section here since it does stipulate that IPsec is strongly recommended but does not mandate it. - merike
- Previous message (by thread): [ipv6-wg] RIPE-501 and IPSEC on CPEs
- Next message (by thread): [ipv6-wg] RIPE-501 and IPSEC on CPEs
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
[ ipv6-wg Archives ]