The new wording is good - very clear and (unusual for the IETF) provides a good 
rationale for the new requirements.

Some minor suggestions:

Section 10.1 (Requirements)

Just as you state that the IPsec Arch requires key mgmt, would it make sense to 
also mention that ESP is required and AH is optional, e.g.
"As required in [RFC4301], IPv6 nodes implementing the IPsec Architecture MUST 
implement ESP [RFC4303] and MAY implement AH [RFC4302]."

Section 10.2 (Transforms and Algorithms)

I would suggest also mentioning the crypto reqs for IKEv2, e.g. "The current 
set of mandatory-to-implement algorithms for IKEv2 are defined in 
'Cryptographic Algorithms for Use in the Internet Key Exchange Version 2 
(IKEv2)' [RFC4307].  IPv6 nodes implementing IKEv2 MUST conform to the 
requirements in [RFC4307] and/or any future updates or replacements to 
[RFC4307]."

Regards,
Sheila 
________________________________________
From: ipv6-boun...@ietf.org [ipv6-boun...@ietf.org] On Behalf Of Thomas Narten 
[nar...@us.ibm.com]
Sent: Wednesday, August 25, 2010 9:16 AM
To: ipv6@ietf.org
Subject: Node Requirements: Updated IPsec/IKEv2 text

To recap, I presented on the issue of updating the IPsec/IKEv2 text
at the 6man meeting in Maastricht, as well as at the SAAG meeting. My
sense of both of those discussions is that there is support for
changing the general recommendation to a SHOULD.

I got some good feedback in SAAG about the wording (refer to the
security architecture generally rather than IKEv2, etc.).

New proposed text below.

Comments?

Thomas
--------------------------------------------------------------------
IETF IPv6 working group mailing list
ipv6@ietf.org
Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
--------------------------------------------------------------------
