While I agree that by and large security is a good priority, there are cases for lightweight protocols to conserve cost. One example would be remote reporting thermometers that I actually use on IPv4 now. They are non-configurable, they have no settings other than network config. You plug them in, give them an address, and they have a lightweight web server and read-only snmp that will display sensor temperature when queried.
I like to have these sensors scatterred throughout my enterprise. There is nothing to hack, they posess virtually no memory, and if they get hacked my world will not end, I will double check the temperature manually, unpower the device, plug it back in, and it will reload from it's read-only boot rom. I would really prefer that these devices cost $40 instead of $200 . We could put all sorts of security on these devices, making them more expensive than they are worth, or we can plug them in, enjoy their benefits, and accept the risk. I have customers that run computers from live-CD's, who want the network to perform, and are not worried about security. They are only connected while the user is at the keyboard, if they suspect a compromise they reboot and are back where they started. They like the fact that they can have internet cheaply and easily. These customers do not want a secure configuration with pass phrases and keys and whatnot, they want a four click config that gets then online. Whether these use cases are good or bad doesn't really matter, what matters is that they do exist and the customer should have decision making authority for their network. JMHO Kevin > -----Original Message----- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On > Behalf Of Thomas Narten > Sent: Tuesday, February 26, 2008 2:00 PM > To: Julien Abeille (jabeille) > Cc: [EMAIL PROTECTED]; ipv6@ietf.org; [EMAIL PROTECTED]; > Fred Baker (fred) > Subject: Re: Making IPsec *not* mandatory in Node Requirement > > > - some applications might not require any security, e.g. a light > > sensor = in your flat might not need it and not implement > it, also due > > to the = very low cost of the sensor. > > I agree. There is absolutely no need to prevent my neighbor > (or a bad guy outside my window) from being able to > control/influence light sensors in my house. What possible > harm could they do? > > Who needs security anyway! > > :-) > > Thomas > -------------------------------------------------------------------- > IETF IPv6 working group mailing list > ipv6@ietf.org > Administrative Requests: http://www.ietf.org/mailman/listinfo/ipv6 > -------------------------------------------------------------------- > -------------------------------------------------------------------- IETF IPv6 working group mailing list ipv6@ietf.org Administrative Requests: http://www.ietf.org/mailman/listinfo/ipv6 --------------------------------------------------------------------
