Pekka,

> I don't know how intentional Russ's wording is, but if it is, this 
> certainly doesn't address it.
> 
> Russ says, "IKE should be a SHOULD".
> 
> You've written this as, "Key management is a SHOULD.  There are a
> number of key management techniques, including (but not limited to)  
> IKE.  Even TLS includes key management."
> 
> The reader of the spec could implement Kerberos which would leave him 
> w/o automatic key management for IPsec.  The reader might also read 
> this so that just implementing TLS would be enough, when it clearly 
> isn't.
> 
> Why don't you just specify either IKEv1 or IKEv2 as a SHOULD, and put 
> a MAY or some other mention to the rest?

The problem is, how to pick between IKEv1 or IKEv2?  There is no guidance 
anywhere on this. 

However, discussing this point with Russ, his intention was more about 
Key Management, not specifically IKEv1 or IKEv2, hence my text.

My feeling is that a one-size-fits-all approach will not be sufficient
for all IPv6 deployments.

John

--------------------------------------------------------------------
IETF IPv6 working group mailing list
[EMAIL PROTECTED]
Administrative Requests: https://www1.ietf.org/mailman/listinfo/ipv6
--------------------------------------------------------------------
