Hi Alain, On Tue, 26 Feb 2008 13:41:37 +0800 Alain Durand <[EMAIL PROTECTED]> wrote:
> The latest draft: draft-ietf-6man-node-req-bis-00.txt > still lists IPsec as mandatory to implement. > > As I mentioned last IETF meeting, this is creating a problem for certain > kind of devices, like cable modems, who have a very limited memory > footprint. Those devices operate in an environment where IPsec is not used > and mandating its implementation has a serious cost: it means that legacy > devices cannot be upgraded to IPv6... > > In DOCSIS 3.0, the decision was to NOT require IPsec implementation on those > devices. I'm sure other environment have made or will make similar choices. > > Moreover, to make the point more general, we are specifying/buying many > other types of devices where we know that IPsec will never be used. Why > should the vendor of those devices have to implement it? Because one day I > might decide to deploy it? IMHO, this is not a good think, because in the > meantime, I will have to run extra code which means extra bugs, more memory > and more risks of miss-configuration. > An alternative argument to making it compulsory is demonstrated by DECT cordless phone standard. The DECT standard made encryption optional, and when I went looking for a DECT home phone that had encryption between the handset and the base station, none of them did. I wanted to avoid the repeat situation of my neighbours accidently or intentionally being able to listen in on my phone calls, which is what used to commonly happen with analog cordless phones. I think the only thing that's providing any level of DECT security at the moment is the lack of USB DECT adaptors. Consumers don't know to ask for it, don't know it's usually in their best interests to ask for it, and since it's optional, the vendors don't include it, because it reduces costs. While higher cost concerns are fair, I'd think the scales of economy and commoditisation of adding IPsec would drop them pretty quickly. Looking at the market turn over I see of ADSL CPE and mobile phones, and their relatively low purchase prices, are limited capacity legacy devices all that much of a concern? Regards, Mark. -------------------------------------------------------------------- IETF IPv6 working group mailing list ipv6@ietf.org Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6 --------------------------------------------------------------------
