Brian, > If we write a SHOULD we really do need some guidance > as to when it doesn't apply. Otherwise we make it too > easy for product managers to simply cross it off the list. > How about > > The normal expectation is that a complete IPv6 stack > includes an implementation of ESP. However, it is > recognized that some stacks, implemented for low-end > devices that will be deployed for special purposes > where strong security is provided by other protocol > layers, may omit ESP.
We might also want to be more specific such as: s/provided by other protocol layers/provided by higher layer security protocols such as SSH and or SSL/ with appropriate references. Speaking for myself, I want all IPv6 devices to be reasonably secure. For many devices SSH and/or SSL is a fine way to provide secure access. ESP isn't necessary or very useful. Bob -------------------------------------------------------------------- IETF IPv6 working group mailing list ipv6@ietf.org Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6 --------------------------------------------------------------------