Re: Making IPsec *not* mandatory in Node Requirement ( was Re: Updates to Node Requirements-bis (UNCLASSIFIED))

2008-03-01 Thread Mark Smith
Hi Alain, On Tue, 26 Feb 2008 13:41:37 +0800 Alain Durand [EMAIL PROTECTED] wrote: The latest draft: draft-ietf-6man-node-req-bis-00.txt still lists IPsec as mandatory to implement. As I mentioned last IETF meeting, this is creating a problem for certain kind of devices, like cable modems,

Re: Making IPsec *not* mandatory in Node Requirement ( was Re: Updates to Node Requirements-bis (UNCLASSIFIED))

2008-02-27 Thread Jean-Michel Combes
Hi Alain, you raise the existential question about the security (except for dedicated security services like VPN): why to pay for something that might be never used? :) This is exactly the same problem I have today with airbags in the cars: I pay them when I buy a car (i.e. cost), I cannot

RE: Updates to Node Requirements-bis (UNCLASSIFIED)

2008-02-26 Thread Manfredi, Albert E
-Original Message- From: Pekka Savola [mailto:[EMAIL PROTECTED] NIST's goal was probably, some implementations on the field just support static and maybe RIPng. We want to mandate something more scalable, and OSPFv3 is as good an option as any. I completely agree. And, if the

Re: Updates to Node Requirements-bis (UNCLASSIFIED)

2008-02-26 Thread Vishwas Manral
Hi Albert, Instead of mandating every protocol, would it be helpful to further break the functionality into two subclasses and have seperate requirements in such cases. I do not like the idea of having to impose a superset of the requirements for all such nodes. In my view such functionality

RE: Updates to Node Requirements-bis (UNCLASSIFIED)

2008-02-26 Thread Manfredi, Albert E
-Original Message- From: Vishwas Manral [mailto:[EMAIL PROTECTED] Sent: Tuesday, February 26, 2008 10:58 AM To: Manfredi, Albert E Cc: Pekka Savola; ipv6@ietf.org Subject: Re: Updates to Node Requirements-bis (UNCLASSIFIED) Hi Albert, Instead of mandating every protocol, would

RE: Updates to Node Requirements-bis (UNCLASSIFIED)

2008-02-25 Thread Duncan, Richard J CTR DISA JITC
Classification: UNCLASSIFIED Caveats: NONE John- Is there also anyway the new node requirements RFC could be somewhat reconciled with the new US Government IPv6 Profile and the DoD IPv6 Profile? It would probably keep the confusion down a bit. 01010011 01100101 01101101 0111 01100101

RE: Updates to Node Requirements-bis (UNCLASSIFIED)

2008-02-25 Thread john.loughney
Jeremy, Is there also anyway the new node requirements RFC could be somewhat reconciled with the new US Government IPv6 Profile and the DoD IPv6 Profile? It would probably keep the confusion down a bit. Would you be able to provide a summary of the differences? Also, are the US Government

RE: Updates to Node Requirements-bis (UNCLASSIFIED)

2008-02-25 Thread Duncan, Richard J CTR DISA JITC
to Node Requirements-bis (UNCLASSIFIED) Jeremy, Is there also anyway the new node requirements RFC could be somewhat reconciled with the new US Government IPv6 Profile and the DoD IPv6 Profile? It would probably keep the confusion down a bit. Would you be able to provide a summary

Re: Updates to Node Requirements-bis (UNCLASSIFIED)

2008-02-25 Thread Ed Jankiewicz
, Richard J CTR DISA JITC; ipv6@ietf.org Subject: RE: Updates to Node Requirements-bis (UNCLASSIFIED) Jeremy, Is there also anyway the new node requirements RFC could be somewhat reconciled with the new US Government IPv6 Profile and the DoD IPv6 Profile? It would probably keep the confusion

RE: Updates to Node Requirements-bis (UNCLASSIFIED)

2008-02-25 Thread john.loughney
, Richard J CTR DISA JITC; Loughney John (Nokia-OCTO/PaloAlto) Subject: Re: Updates to Node Requirements-bis (UNCLASSIFIED) I recently took a pass through both the USG and DoD documents to identify differences. I am also planning to compare the DoD doc against this draft. I will gladly share those

RE: Updates to Node Requirements-bis (UNCLASSIFIED)

2008-02-25 Thread Manfredi, Albert E
-Original Message- From: Duncan, Richard J CTR DISA JITC John- I can give you the 2 documents: DoD IPv6 Standards Profile, Version 2: http://jitc.fhu.disa.mil/apl/ipv6/pdf/disr_ipv6_product_profile_v2.pdf US Government IPv6 Profile Version 1, Draft 2:

Re: Updates to Node Requirements-bis (UNCLASSIFIED)

2008-02-25 Thread Fred Baker
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Feb 26, 2008, at 5:24 AM, Manfredi, Albert E wrote: One detail I'm not clear on is whether or why routers, which may well be in non-secure spaces, are required to support ESP. I-D 4294- bis doesn't elaborate - it just says nodes must. The

Re: Updates to Node Requirements-bis (UNCLASSIFIED)

2008-02-25 Thread Fred Baker
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Feb 26, 2008, at 1:03 AM, Duncan, Richard J CTR DISA JITC wrote: Is there also anyway the new node requirements RFC could be somewhat reconciled with the new US Government IPv6 Profile and the DoD IPv6 Profile? I find myself of two minds

Making IPsec *not* mandatory in Node Requirement ( was Re: Updates to Node Requirements-bis (UNCLASSIFIED))

2008-02-25 Thread Alain Durand
The latest draft: draft-ietf-6man-node-req-bis-00.txt still lists IPsec as mandatory to implement. As I mentioned last IETF meeting, this is creating a problem for certain kind of devices, like cable modems, who have a very limited memory footprint. Those devices operate in an environment where

RE: Updates to Node Requirements-bis (UNCLASSIFIED)

2008-02-25 Thread Pekka Savola
On Mon, 25 Feb 2008, Manfredi, Albert E wrote: One MUST that the NIST IPv6 Profile introduced was mandating of OSPFv3 as the routing protocol. Is this because RIPng is not beiong adopted in practice? Small networks should do well with RIPng, I would think, unless RIPng is never used in