Hi Julien. Just commenting on your last point..
> We should still make sure that every IPv6 node has means to protect
> its network layer, and make both IPsec and IKEv2 MUST implement. I'd
> be fine with documenting an exception for constrained nodes where it
> is not possible to fulfill the requirements, e.g., "Support of both
> IPsec and IKEv2 is a MUST for IPv6 nodes, except for constrained
> devices that cannot support implementations of IPsec and IKE."

The difficulty with such wording is we now start arguing about what a "constrained device" is. This is a judgement call, and is often not about whether it can be done, but whether it should be done at the expense of some other feature deemed more valuable to the device's main function. Or by increasing the cost of the device (by adding more memory, etc.)

I do like the idea of clarifying that network layer security is a good general thing and that IPsec/IKE is the solution for that. But this still begs the question in that network layer security is simply not a requirement for all applications and usages of an IP device (IMO).

Thomas

--------------------------------------------------------------------
IETF IPv6 working group mailing list
ipv6@ietf.org
Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
--------------------------------------------------------------------