That is a good point, does IPsec depend on unanimous support? We struggled with this in the DoD Profiles. Our rationale for making IPsec mandatory (except at the moment for some simple appliances) was that for IPsec to be a feasible solution it needs to be available throughout the network. We want it to be universally available so that it CAN be used when required. With end-to-end, any two hosts could use IPsec as a solution even if no one else supported it, assuming that nothing in the network blocks its use. However, given recent news items about ISPs and governments wanting to block or throttle certain content, it seems they might also want to block something that could hide that content from their prying eyes.
Even if the revision were to relax the requirement for IPsec (and I don't suggest it should) I believe there should be a strong statement about non-interference in the Node Requirements so that consenting hosts can count on the delivery of packets with IPsec options. As Thomas said a while back, de-mandating IPsec would not make it go away, nor would it remove market incentive for vendors to implement it, so existing and new implementations would still be available. DoD would likely still require it in products, so if a vendor wanted to sell to DoD it would be in their interest to include IPsec. As always, just my personal opinion, not to be construed as policy... Ed J. [EMAIL PROTECTED] wrote: > Julien, > > I guess the point is that some cases and deployment, secuirty is not required > to be used. > However, if you are making a product and you do not include security as part > of the solution, > than IPSec then you have a problem. > > John > > >> Fine with this >> >> The important point as Kevin Kargel mentions is that there ARE >> use cases where security is not required and/or end-to-end >> security is not required and/or IPSec is not required. >> >> Julien >> >> -----Original Message----- >> From: Bound, Jim [mailto:[EMAIL PROTECTED] >> Sent: mardi 26 février 2008 13:24 >> To: Julien Abeille (jabeille); Thomas Narten >> Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED]; >> [EMAIL PROTECTED]; ipv6@ietf.org; Fred Baker (fred) >> Subject: RE: Making IPsec *not* mandatory in Node Requirement >> >> On the contrary some of the laser sensing capabilities now >> could be considered light so I guess it is what we mean by >> "light" technically or from a physics/scientific view I took >> it to be light controlled by sensors. >> >> /jim >> >> >>> -----Original Message----- >>> From: Julien Abeille (jabeille) [mailto:[EMAIL PROTECTED] >>> Sent: Tuesday, February 26, 2008 3:18 PM >>> To: Thomas Narten >>> Cc: [EMAIL PROTECTED]; Bound, Jim; [EMAIL PROTECTED]; >>> [EMAIL PROTECTED]; ipv6@ietf.org; Fred Baker (fred) >>> Subject: RE: Making IPsec *not* mandatory in Node Requirement >>> >>> A sensor can only sense..., you are talking about a light actuator. >>> >>> Julien >>> >>> >>> >>> -----Original Message----- >>> From: Thomas Narten [mailto:[EMAIL PROTECTED] >>> Sent: mardi 26 février 2008 12:00 >>> To: Julien Abeille (jabeille) >>> Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED]; >>> [EMAIL PROTECTED]; [EMAIL PROTECTED]; ipv6@ietf.org; Fred Baker >>> (fred) >>> Subject: Re: Making IPsec *not* mandatory in Node Requirement >>> >>> >>>> - some applications might not require any security, e.g. a light >>>> sensor = in your flat might not need it and not implement >>>> >>> it, also due >>> >>>> to the = very low cost of the sensor. >>>> >>> I agree. There is absolutely no need to prevent my neighbor >>> >> (or a bad >> >>> guy outside my window) from being able to control/influence light >>> sensors in my house. What possible harm could they do? >>> >>> Who needs security anyway! >>> >>> :-) >>> >>> Thomas >>> >>> >> -------------------------------------------------------------------- >> IETF IPv6 working group mailing list >> ipv6@ietf.org >> Administrative Requests: http://www.ietf.org/mailman/listinfo/ipv6 >> -------------------------------------------------------------------- >> >> > -------------------------------------------------------------------- > IETF IPv6 working group mailing list > ipv6@ietf.org > Administrative Requests: http://www.ietf.org/mailman/listinfo/ipv6 > -------------------------------------------------------------------- > > -------------------------------------------------------------------- IETF IPv6 working group mailing list ipv6@ietf.org Administrative Requests: http://www.ietf.org/mailman/listinfo/ipv6 --------------------------------------------------------------------
