Tony,

> For those that have forgotten, the entire reason for mandating IPsec is to
> get away from the 47 flavors of security that are never really configured
> correctly or completely understood. Yes for any given situation someone can
> design an optimized protocol, but as soon as the situation changes the
> optimization no longer applies, and may expose unexpected holes. This was in
> fact happening at the time the mandate was put in.

Right. Having one way to do things is far better than having 47. But if we look at the reality of things, IPsec (and we have to include IKE in evaluating this) just isn't the ideal one-size-fits-all technology we'd like it to be.

For example, one big problem is the lack of a proper API for applications to communicate with IPsec to select services and verify that a certain level of security is present.

Second, good security says "don't trust anyone but yourself". So, do you trust the OS you are running on? Do you trust the IPsec embedded in the system that was implemented by a third party? Smart applications implement their own security (e.g., TLS) to ease deployment. We'll never get them to rely on IPsec, at least not until it's much more widely available/usable.

There are other examples. To channel Randy Bush:

> o the net should have mandatory crypto period
>
> o ipsec sucks

This is the dilemma we are in. Personally, I think we are exhibiting a bit of head-in-the-sand mentality to continue saying IPsec is a MUST, when we don't even bother to include IKE! IPsec without key management is useless except in very narrow deployment scenarios.

> As I recall we had a lengthy argument about this, and really don't need to
> reopen it now. If there is not a single mandatory-to-implement protocol,
> there is no way to assure that two random products will have a common means
> of secure communication.

Sure. But I can also see lots of devices that (because of the mix of applications/functionality of the device) simply won't use IPsec because it doesn't make sense. Why MUST they implement IPsec when it won't actually get used? If you look at reality, IPsec is not the universal crypto suite. I suspect the market has spoken.

> Alain's original post is completely bogus. If his devices don't need IPsec,
> he is free to tell his vendors not to load it in the image. That is not a
> reason to change node-requirements. He is in a closed environment and knows
> that a random device will not appear that doesn't speak the security
> protocol for that closed environment.

I agree with this as well. In the case of cable modems, Alain shouldn't care about what node requirements says.

Thomas

--------------------------------------------------------------------
IETF IPv6 working group mailing list
ipv6@ietf.org
Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
--------------------------------------------------------------------