I don't think unanimous support is needed just the support within the domain of use and that could be a private or public network with collaboration with the firewall rules at the edge or the node directly in the case of p2p. On the issue of e2e encrypt/decrypt except the header there are those for many reasons will not want to permit this for the reasons you state is my experience. But do we take social and law enforcement issues into consideration as IETF individuals? We had this debate some time ago and I believe the answer with consensus today might be different. Once while presenting at some form of NGN conference in London on e2e a person who identified them as Law Enforcement asked me if this e2e security existed would that permit bad persons to also be able to do this too (this was after 911) and had to say yes with the caveat I am identifying the technology capability not the social consequences, which is a discussion typically left to the market and those who enforce laws. But yes the same technology we define for good reasons always can be used for bad reasons. But I don't think not doing e2e is going to stop bad intentioned criminals.
/jim > -----Original Message----- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On > Behalf Of Ed Jankiewicz > Sent: Tuesday, February 26, 2008 6:08 PM > To: ipv6@ietf.org > Cc: [EMAIL PROTECTED] > Subject: Re: Making IPsec *not* mandatory in Node Requirement > > That is a good point, does IPsec depend on unanimous support? > We struggled with this in the DoD Profiles. Our rationale > for making IPsec mandatory (except at the moment for some > simple appliances) was that for IPsec to be a feasible > solution it needs to be available throughout the network. We > want it to be universally available so that it CAN be used > when required. With end-to-end, any two hosts could use > IPsec as a solution even if no one else supported it, > assuming that nothing in the network blocks its use. > However, given recent news items about ISPs and governments > wanting to block or throttle certain content, it seems they > might also want to block something that could hide that > content from their prying eyes. > > Even if the revision were to relax the requirement for IPsec > (and I don't suggest it should) I believe there should be a > strong statement about non-interference in the Node > Requirements so that consenting hosts can count on the > delivery of packets with IPsec options. > > As Thomas said a while back, de-mandating IPsec would not > make it go away, nor would it remove market incentive for > vendors to implement it, so existing and new implementations > would still be available. DoD would likely still require it > in products, so if a vendor wanted to sell to DoD it would be > in their interest to include IPsec. As always, just my > personal opinion, not to be construed as policy... > > Ed J. > > [EMAIL PROTECTED] wrote: > > Julien, > > > > I guess the point is that some cases and deployment, > secuirty is not required to be used. > > However, if you are making a product and you do not include > security > > as part of the solution, than IPSec then you have a problem. > > > > John > > > > > >> Fine with this > >> > >> The important point as Kevin Kargel mentions is that there ARE use > >> cases where security is not required and/or end-to-end security is > >> not required and/or IPSec is not required. > >> > >> Julien > >> > >> -----Original Message----- > >> From: Bound, Jim [mailto:[EMAIL PROTECTED] > >> Sent: mardi 26 février 2008 13:24 > >> To: Julien Abeille (jabeille); Thomas Narten > >> Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED]; > [EMAIL PROTECTED]; > >> ipv6@ietf.org; Fred Baker (fred) > >> Subject: RE: Making IPsec *not* mandatory in Node Requirement > >> > >> On the contrary some of the laser sensing capabilities now > could be > >> considered light so I guess it is what we mean by "light" > technically > >> or from a physics/scientific view I took it to be light > controlled by > >> sensors. > >> > >> /jim > >> > >> > >>> -----Original Message----- > >>> From: Julien Abeille (jabeille) [mailto:[EMAIL PROTECTED] > >>> Sent: Tuesday, February 26, 2008 3:18 PM > >>> To: Thomas Narten > >>> Cc: [EMAIL PROTECTED]; Bound, Jim; [EMAIL PROTECTED]; > >>> [EMAIL PROTECTED]; ipv6@ietf.org; Fred Baker (fred) > >>> Subject: RE: Making IPsec *not* mandatory in Node Requirement > >>> > >>> A sensor can only sense..., you are talking about a light > actuator. > >>> > >>> Julien > >>> > >>> > >>> > >>> -----Original Message----- > >>> From: Thomas Narten [mailto:[EMAIL PROTECTED] > >>> Sent: mardi 26 février 2008 12:00 > >>> To: Julien Abeille (jabeille) > >>> Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED]; > >>> [EMAIL PROTECTED]; [EMAIL PROTECTED]; ipv6@ietf.org; Fred Baker > >>> (fred) > >>> Subject: Re: Making IPsec *not* mandatory in Node Requirement > >>> > >>> > >>>> - some applications might not require any security, e.g. a light > >>>> sensor = in your flat might not need it and not implement > >>>> > >>> it, also due > >>> > >>>> to the = very low cost of the sensor. > >>>> > >>> I agree. There is absolutely no need to prevent my neighbor > >>> > >> (or a bad > >> > >>> guy outside my window) from being able to control/influence light > >>> sensors in my house. What possible harm could they do? > >>> > >>> Who needs security anyway! > >>> > >>> :-) > >>> > >>> Thomas > >>> > >>> > >> > -------------------------------------------------------------------- > >> IETF IPv6 working group mailing list > >> ipv6@ietf.org > >> Administrative Requests: http://www.ietf.org/mailman/listinfo/ipv6 > >> > -------------------------------------------------------------------- > >> > >> > > -------------------------------------------------------------------- > > IETF IPv6 working group mailing list > > ipv6@ietf.org > > Administrative Requests: http://www.ietf.org/mailman/listinfo/ipv6 > > -------------------------------------------------------------------- > > > > > > > -------------------------------------------------------------------- > IETF IPv6 working group mailing list > ipv6@ietf.org > Administrative Requests: http://www.ietf.org/mailman/listinfo/ipv6 > -------------------------------------------------------------------- > -------------------------------------------------------------------- IETF IPv6 working group mailing list ipv6@ietf.org Administrative Requests: http://www.ietf.org/mailman/listinfo/ipv6 --------------------------------------------------------------------
