On Fri, 6 Jan 2006, Jari Arkko wrote:
By the way, there are also substantive changes in the
new IPsec documents. For instance, AH support is no
longer a MUST. I think this should be reflected in the
node requirements document too, as that currently
says "AH [RFC-2402] MUST be supported.".
There's probably an impact in the algorithms and key
management sections, too...
Do we need or want to change these at this point?
Obsoleting is just, well.. obsoleting. The implementations conforming
to the old specs aren't going away any time soon.
I guess the proper resolution depends on whether we want the document
focus on:
1) what we think the node requirements are now (or were a year ago)
2) what we think the node requirements should be in a couple of years
(as nobody is fulfilling them at present)
3) what we think the node requirements would be in an "ideal world"
(where only specifications exist, not implementations)
FWIW, I have a document in a slightly similar situation (but still
different as it's not a requirements doc) but not so far in the
process (draft-ietf-v6ops-ipsec-tunnels-01.txt). It covers both IKEv1
and IKEv2, and both old and new IPsec architectures. Even though the
old ones are now obsolete, I'm not going to remove the support and
text on the obsolete ones.
--
Pekka Savola "You each name yourselves king, yet the
Netcore Oy kingdom bleeds."
Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings
--------------------------------------------------------------------
IETF IPv6 working group mailing list
ipv6@ietf.org
Administrative Requests: https://www1.ietf.org/mailman/listinfo/ipv6
--------------------------------------------------------------------
