On 2010-07-25 05:42, Laganier, Julien wrote: ... > So if we could come up with processing power and memory values under which a > device is considered constrained (e.g., less than 50MHz and 8MB memory) and > IPsec downgrades from a MUST to a SHOULD it seems to me we'd have cleared the > way.
That is truly an engineering decision for a given implementor. I can't imagine any values we could choose today that would still be valid twenty years from now; and we need to think of this RFC still (perhaps) being used in twenty years. It's very clear from the IPv4 market, where IPsec/IKE(v2) have exactly the same value from a security view, that the industry sees this as a SHOULD requirement. Apart from a vain attempt to validate the myth that IPv6 is in some way more secure than IPv4, I can't see any advantage in deviating from a straightforward RFC 2119 SHOULD. Vendors will do what they will do. Brian -------------------------------------------------------------------- IETF IPv6 working group mailing list ipv6@ietf.org Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6 --------------------------------------------------------------------