Thomas, Why do you believe MIP6 did not simply adopt the same security model as MIP4 and instead choose IPsec? It was because of the view that IPsec support in IPv6 by default exists and hence should be used.
And the IESG statement in RFC4285 needs to be revisited and deprecated because the arguments that were the basis for it to be inserted do not apply in many deployments (especially in networks which do not care about the route-optimization feature). -Raj On 2/27/08 10:58 AM, "ext Thomas Narten" <[EMAIL PROTECTED]> wrote: > Basavaraj Patil <[EMAIL PROTECTED]> writes: > >> I agree with Thomas about his views on IPsec being a mandatory and >> default component of the IPv6 stack. Because of this belief, Mobile >> IPv6 (RFC3775) design relied on IPsec for securing the >> signaling. This has lead to complexity of the protocol and not >> really helped either in adoption or implementation. > > To be clear, this is a simplistic explanation. Had IPsec (and IKE) not > been used for MIPv6, they would have had to invent a whole new > security protocol for securing things. As we know, coming up with yet > another security mechanism is hugely problematic for the IETF. It is > far from clear that the MIPv6 WG had the necessary competence to do > this, and it is far from clear that the security community would have > found the problem space interesting enough to help the WG get it > right. > >> IPsec based security is an overkill for Mobile IPv6 and illustrates >> the point that you do not have to use it simply because it happens >> to be an integral part of IPv6. > > THe reason for choosing IPsec was not just because it was "part of > IPv6". It was also chosen because there wasn't really another obvious > alternative to use. And inventing a new one would have been > duanting. (And please don't point to RFC 4285 as the solution. The > IESG note that goes with that document is not to be dismissed > lightly.) > > Thomas -------------------------------------------------------------------- IETF IPv6 working group mailing list ipv6@ietf.org Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6 --------------------------------------------------------------------
