Ed Jankiewicz writes:
> As Jim Bound has stated many times, IETF defines standards not
> deployment, and the Node Requirements revision should reiterate that the
> standard for security in IPv6 is IPsec citing RFC 4301 (successor to
> 2401). OTOH, we at DoD and NIST are certainly addressing deployment
That's an argument for: "if you claim to implement security at all
with IPv6, you must at least implement IPsec as described in {insert
references}."
It's not a good argument for "everyone must implement security in all
cases in order to be considered a good IPv6 citizen, even if they have
no plans to use those security protocols, so there."
> I agree with Hemant (and others' sentiments on this thread) that the
> Node Requirements doc should summarize the requirements for IPv6 nodes,
> and leave the exceptions, extensions and caveats to deployment documents
> like the NIST and DoD profiles and application documents.
If you do that, then the likely outcome is that systems that are
designed to be used in those special, constrained environments where
IPv6 is useful, but IPsec is not, will end up lacking the "IPv6 Ready"
logo and other acceptability marks.
It makes hash of those other profiles by requiring what isn't
necessarily required.
--
James Carlson, Solaris Networking <[EMAIL PROTECTED]>
Sun Microsystems / 35 Network Drive 71.232W Vox +1 781 442 2084
MS UBUR02-212 / Burlington MA 01803-2757 42.496N Fax +1 781 442 1677
--------------------------------------------------------------------
IETF IPv6 working group mailing list
ipv6@ietf.org
Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
--------------------------------------------------------------------
