I won't argue against the fact that security is an important part of a 
complete solution. The question for me is whether IPsec is the most 
appropriate solution for highly constrained embedded devices 
(constrained in energy, memory, compute, and link capabilities). From 
the few implementation numbers thrown around this thread, it sounds like 
IPsec is not an option for low-power wireless nodes with 8K RAM, 48K 
ROM, 128B link MTU, and not to mention that any implementation should 
leave enough space for an interesting application and should operate for 
multiple years on modest batteries.

One nice thing is that, given some application scenarios, there are 
other ways to incorporate sufficient security without the need for 
IPsec. For example, link-layer security may be sufficient for private 
networks. Link-layer security may also be sufficient if border 
routers/gateways attach to other traditional IP networks via encrypted 
tunnels.

I'm not a security expert, nor do I know the complete workings of IPsec. 
But I'd be curious if people strongly believe or have ideas on ways to 
squeeze IPsec into devices that I'm interested in. If not, is it at all 
possible to consider developing an alternative end-to-end security 
mechanism that is lightweight? I'm not arguing that this should be used 
between two traditional IP hosts, but that it can be used between a 
traditional IP host communicating with a low-power, wireless device or 
two low-power wireless devices communicating directly.

Gordon Bell observed that we've seen a new class of computing form about 
every decade. IP has so far been able to follow these trends, including 
handheld devices. Now we are at the beginning of yet another class with 
low-power wireless devices based on IEEE 802.15.4, and the 6lowpan 
effort within the IETF has set out to bring IPv6 to this new class. I'd 
be disappointed if we couldn't come to an agreement on how we can 
appropriately bring this new class into the IP framework.

--
Jonathan Hui
--------------------------------------------------------------------
IETF IPv6 working group mailing list
ipv6@ietf.org
Administrative Requests: http://www.ietf.org/mailman/listinfo/ipv6
--------------------------------------------------------------------
