>>>>> On Wed, 23 Feb 2005 17:45:48 -0500, >>>>> "Soliman, Hesham" <[EMAIL PROTECTED]> said:
>> Hmm...I agree with the "realistic" view itself, but unless >> we prohibit >> the use of IPsec, I believe it is overkilling to remove requirements >> (using RFC2119 keywords) when it is used. >> >> Is it so harmful to revise the paragraph to, e.g., the following? >> >> In some cases, it may be acceptable to use statically configured >> security associations with either [IPv6-AH] or [IPv6-ESP] >> to secure >> Neighbor Discovery messages. However, it is important to note that >> statically configured security associations are not scalable >> (especially when considering multicast links) and are therefore >> limited to small networks with known hosts. In any case, when >> [IPv6-AH] is used, received Authentication Headers in Neighbor >> Discovery packets MUST be verified for correctness and >> packets with >> incorrect authentication MUST be ignored. > => ok, fine with me, but I guess there is no reason to exclude [IPv6-ESP] > from > the second last sentence, and as a consequence modify the last sentence > accordingly. > If that's ok I'll update the last two sentences. The reason why I didn't use [IPv6-ESP] was because the succeeding line only said "Authentication Headers", which is specific to AH. I'd basically leave wording details to the document editor, but in this particular case I believe it makes more sense to use "AH" only. JINMEI, Tatuya Communication Platform Lab. Corporate R&D Center, Toshiba Corp. [EMAIL PROTECTED] -------------------------------------------------------------------- IETF IPv6 working group mailing list ipv6@ietf.org Administrative Requests: https://www1.ietf.org/mailman/listinfo/ipv6 --------------------------------------------------------------------