> -----Original Message-----
> From: Duncan, Richard J CTR DISA JITC 

> John-
> 
> I can give you the 2 documents:
> 
> DoD IPv6 Standards Profile, Version 2:
> http://jitc.fhu.disa.mil/apl/ipv6/pdf/disr_ipv6_product_profile_v2.pdf
> 
> US Government IPv6 Profile Version 1, Draft 2:
> http://www.antd.nist.gov/usgv6/usgv6-v1-draft2.pdf
>  
> I would suggest you look at it in the context of the RFC. The reason is
> because these two are different as well.

I would agree that someone should reconcile, or at least identify, all
the differences, although I don't know that it should be the IETF. I
would expect that the rationale for the differences does not lie within
the IETF?

One difference between RFC 4294 and I-D 4294-bis is that AH was demoted
from a MUST to a MAY. Is a specific reference identified, and I just
missed it maybe? I noticed that the latest NIST IPv6 Profile
accommodates this change.

One MUST that the NIST IPv6 Profile introduced was mandating of OSPFv3
as the routing protocol. Is this because RIPng is not being adopted in
practice? Small networks should do well with RIPng, I would think,
unless RIPng is never used in practice. And in principle, there could be
a case made for static routing tables in special cases. I'm not sure why
the routing protocol mandate for all Government nets.

Same applies to IKEv2. The IETF does not mandate its use, while NIST
does.

One detail I'm not clear on is whether or why routers, which may well be
in non-secure spaces, are required to support ESP. I-D 4294-bis doesn't
elaborate - it just says "nodes" must. Older versions of the NIST IPv6
Profile said that routers had to support AH to protect the routing
protocols. My assumption is that this rationale, protection of routing
protocols, is why now NIST is mandating that routers support ESP, now
that AH has been demoted to a MAY. A brief clarification would be
welcome.

Another mandate in the NIST IPv6 Profile is that both tunneling and dual
stack mechanisms be supported in Government networks. But what about
small networks that already support dual stacks? They should have no
reason to use tunneling as a mechanism for IPv6 transition?

Those are some of the issues I saw. I'm sure there are many I didn't
focus on.

Bert
--------------------------------------------------------------------
IETF IPv6 working group mailing list
ipv6@ietf.org
Administrative Requests: http://www.ietf.org/mailman/listinfo/ipv6
--------------------------------------------------------------------
