Date: Mon, 04 Mar 2002 12:50:49 +0200
From: Jari Arkko <[EMAIL PROTECTED]>
Message-ID: <[EMAIL PROTECTED]>
| The point
| is the use of appropriate mechanisms for the task at hand.
Yes, but you can't possibly know the mechanisms unless you know the
requirements of the nets at both ends of the connection. You know
only one of them. If you want your devices to ever be able to communicate
with a net being installed in a new building currently being fitted out
in Melb Uni, you will need to have IPsec implemented, nothing using clear
IP will be connected (ie: packets will be dropped). If the application
requires TLS, then it will use TLS, which will mean TLS over IPsec, which
is just fine (might seem like overkill, but each is offering different
functionality, so it isn't really).
Requiring IPsec in *all* IPv6 is what makes this feasible - we know that
everyone we're ever going to communicate with will be able to use IPsec.
No exceptions.
kre
--------------------------------------------------------------------
IETF IPng Working Group Mailing List
IPng Home Page: http://playground.sun.com/ipng
FTP archive: ftp://playground.sun.com/pub/ipng
Direct all administrative requests to [EMAIL PROTECTED]
--------------------------------------------------------------------
