On Feb 27, 2008, at 11:27, Dow Street wrote: > > 3. the Internet *does* need a mandatory security mechanism at the > IP layer, but IPsec *alone* is insufficient (without IKE, key mgmt, > etc)
This is what I'd prefer with *one* qualification. I would merely *recommend* it for devices that are capable of IPv6 communication only with peers at link-local scope addresses over links that implement their own link-layer security. I say this from the experience of watching IEEE 802.11 progress from "security is optional" to "we messed up security really bad, sorry about that" to "security is strongly recommended, no really, everybody uses it now," and soon to "security is absolutely mandatory, we will kidnap your family and disappear you to jail if you don't secure your network." I'll be sad if I have to go through that again with IPv6. -- james woodyatt <[EMAIL PROTECTED]> member of technical staff, communications engineering -------------------------------------------------------------------- IETF IPv6 working group mailing list ipv6@ietf.org Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6 --------------------------------------------------------------------