"When MUST is specified for IPv6 IPsec, this translates to every device connected to the network, as well as the network itself, MUST support IPsec. For example, that is how the requirement gets passed down by the DoD. Want to do IPv6 for your control network? Fine, but now you need certificates and key exchange, and all of the administrative infrastrucre that goes with these. Where simpler security schemes may have sufficed previously."
You are mixing engineering requirements and deployment requirements. Yes , the hardware and software MUST support IPsec. The customer doesn't *have* to do anything. They can use Mickey's Secret Decoder Ring with IPv6 if they want to. BTW, if anyone knows where I can get an IPv6 enabled Mickey Secret Decoder Ring, let me know. <grin> Sean -------------------------------------------------------------------- IETF IPv6 working group mailing list ipv6@ietf.org Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6 --------------------------------------------------------------------