Francis Dupont wrote: > => yes, ICMP is hard to protect and to use it for small services > does not make things simpler...
So, we agree on this at least... > => there is an IAB statement about security. IPsec support was > made mandatory according to this statement and IMHO this was > a big step forward. There are other security mechanisms, > including some at the transport layer (SSL/TLS, IMHO IPsec > is better but real world considerations have to be considered :-) > and some at the application layer, with in some cases a very > different usage (PGP). > I have in favor of to make all core security mechanisms mandatory > (MUST or strong SHOULD), cf RFC 2316 section 10. IPsec is only > the first in the list. I'm partially in favor of this approach, but not entirely. I'd be much more comfortable with trying to make a detailed recommendation on where different mechanisms are applicable and mandated, than try to mandate them all everywhere (likely with less than 100% success among implementors). I think the general approach should be that security is mandatory, but not necessarily same type of security under all circumstances. Jari -------------------------------------------------------------------- IETF IPng Working Group Mailing List IPng Home Page: http://playground.sun.com/ipng FTP archive: ftp://playground.sun.com/pub/ipng Direct all administrative requests to [EMAIL PROTECTED] --------------------------------------------------------------------
