I see what your saying but for security if we know IKEv2 is superior then we I think must mandate it and this is the case over IKEv1. Fully supportive of being conscious of the reality of pain to the market and vendors for implementation but when it is a network health issue then we have to do the next right thing in the IETF. IKEv2 is clearly better. Regarding management of PKI etc that is a red herring argument orthogonal to the technical work on a function in the IETF like IKEv2. The market will sort out that deployment automatiion issue we need to spec out and define technical criteria for a specification. Adding foot note that without PKI etc. this will not work well is fine. Thus if apples-x grown in region-x cause ones legs to cramp but apples-y grown in region-y do not the social agency reporting on such things has the responsibility to say apples-y do less harm to you than apples-x. In this specific case as a protocol the IETF is the social agency above. But the market is requiring IKEv2 now and most vendors have figured out it is a done deal if they want to maintain competitive parity in the market.
/jim > -----Original Message----- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On > Behalf Of Hesham Soliman > Sent: Wednesday, February 27, 2008 7:45 AM > To: 'Thomas Narten'; 'Nobuo OKABE' > Cc: [EMAIL PROTECTED]; ipv6@ietf.org; [EMAIL PROTECTED] > Subject: RE: Making IPsec *not* mandatory in Node Requirement > > > > > > As a general "node requirement", SHOULD is the right > level, not MUST. > > => +1 > Apart from the technical discussion of whether IPsec is > actually useful for applications ....etc. The way KEYWORDS > are defined, a MUST makes little sense because IPv6 will not > break without IPsec. > > The argument for mandating IKEv1/IKEv2 is not so dependent, > IMHO, on their availability; it rather depends on the > availability of widley used credentials that would make us > think mandating IKEvx will actually result in it being used :) > > Hesham > > > > > Thomas > > > -------------------------------------------------------------------- > > IETF IPv6 working group mailing list > > ipv6@ietf.org > > Administrative Requests: http://www.ietf.org/mailman/listinfo/ipv6 > > > -------------------------------------------------------------------- > > > > > -------------------------------------------------------------------- > IETF IPv6 working group mailing list > ipv6@ietf.org > Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6 > -------------------------------------------------------------------- > -------------------------------------------------------------------- IETF IPv6 working group mailing list ipv6@ietf.org Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6 --------------------------------------------------------------------
