Hi all, # I'm surprised that opinion in the ML has changed from 2002.
I agree that IPsec is not a universal security tool as many people had pointed out. I also would like to say that IPsec is still one of the useful tools. So, SHOULD seems good to me. Thanks, From: Thomas Narten <[EMAIL PROTECTED]> Subject: Re: Making IPsec *not* mandatory in Node Requirement Date: Tue, 26 Feb 2008 11:18:33 -0500 > IMO, we need to get over the idea that IPsec is mandatory in > IPv6. Really. Or that mandating IPsec is actually useful in practice. > > It is the case that mandating IPsec as part of IPv6 has contributed to > the hype about how great IPv6 is and how one will get better security > with IPv6. Unfortunately, that myth has also harmed the overall IPv6 > deployment effort, as people look more closely and come to understand > that deploying IPv6 doesn't automatically/easily yield improved > security. > > We all know the reality of security is very different and much more > complicated/nuanced then just saying "use IPsec". > > Consider: > > IPsec by itself (with no key management) is close to useless. The > average person cannot configure static keys, so the result is (in > effect) a useless mandate (as a broad mandate for ALL nodes). > > What applications actually make use of IPsec for security? A lot fewer > than one might think. For many IPv6 devices/nodes, if one actually > looks at the applications that will be used on them, they do not use > IPsec today for security. And, there are strong/compelling arguments > for why IPsec is not the best security solution for many applications. > Thus, requiring IPsec is pointless. > > To be truly useful, we (of course) need key management. If we want to > mandate key management, the stakes go way up. IKEv1/v2 is not a small > implementation effort. And, we are now in the funny situation where > IKEv1 has been implemented, but due to shortcomings, IKEv2 has already > been developed. IKEv2 has been out for over 2 years, but > implementations are not widespread yet. So, would we mandate IKEv1 > (which is obsoleted and has documented issues), or do we mandate > IKEv2, even though it is clear it is not widely available yet? > > IMO, we should drop the MUST language surrounding IPsec. The technical > justification for making it MUST are simply not compelling. It seems > to me that the MUST is there primarily for historical/marketing > reasons. > > Note that dropping the MUST will not mean people stop implementing > IPsec, where there is compelling benefit. Indeed, note that the USG > has already moved away from IKEv1 and has strongly signalled that it > will require IKEv2 going forward. So I am confident that IPsec (and > IKE) will get implemented going forward. > > But there is no reason why IPsec should be mandated in devices where > it is clear (based on the function/purpose of the device) that IPsec > will in fact not actually be used. > > As a general "node requirement", SHOULD is the right level, not MUST. > > Thomas > -------------------------------------------------------------------- IETF IPv6 working group mailing list ipv6@ietf.org Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6 --------------------------------------------------------------------
