RE: the role of the node "requirements" document

Not quite.. it would be more accurate if you said " 2. "Node running secure protocols MUST support IPsec, an enhanced profile of IPv6 with additional functionality" > 1. "Node running SMTP MUST support ESMTP, and enhanced > profile of SMTP with additional functionality" > > is similar to...

Re: the role of the node "requirements" document

On Feb 29, 2008, at 7:31 AM, Kevin Kargel wrote: > To make a furthur rediculous analogy, SMTP is a wonderfully > functional spec, and it makes perfect sense to mandate that any > devices > utilizing SMTP MUST be compliant to the ESMTP spec RFC2821, but it > would > be rather silly to man

RE: the role of the node "requirements" document

[EMAIL PROTECTED] On >Behalf Of ext Kevin Kargel >Sent: 29 February, 2008 07:31 >To: ipv6@ietf.org >Subject: RE: the role of the node "requirements" document > > To make a furthur rediculous analogy, SMTP is a >wonderfully functional spec, and it makes perfec

RE: the role of the node "requirements" document

To make a furthur rediculous analogy, SMTP is a wonderfully functional spec, and it makes perfect sense to mandate that any devices utilizing SMTP MUST be compliant to the ESMTP spec RFC2821, but it would be rather silly to mandate that ALL IPv6 connected devices be RFC2821 compliant regard

RE: the role of the node "requirements" document

--Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Bound, Jim Sent: Thursday, February 28, 2008 12:11 PM To: Ed Jankiewicz; ipv6@ietf.org Cc: Brian E Carpenter Subject: RE: the role of the node "requirements" document I believe all IPv6 nodes SHOULD support

RE: the role of the node "requirements" document

: ipv6@ietf.org > Cc: Brian E Carpenter > Subject: Re: the role of the node "requirements" document > > I lean towards (3) because IPsec without IKE or something is > unmanageable. I could support MUST or SHOULD, or a > conditional statement, and would prefer linking to IK

RE: the role of the node "requirements" document

TED] > Cc: ipv6@ietf.org > Subject: Re: the role of the node "requirements" document > > John, > > > Well, I would say that we (HW, SW, Platform providers) > cannot expect > > to understand all of the ways that their products will be > deployed, so

RE: the role of the node "requirements" document

> -Original Message- > From: Sean Lawless [mailto:[EMAIL PROTECTED] > Kevin and many others against mandating (MUST) for IPSec have a valid > point. Many sensors and other potential IPv6 nodes do not have the > hardware resources to support IPSec, or those resources are > better spent

RE: the role of the node "requirements" document

Hi, Having been through the whole thread, I have to react to this last proposal in regards of operational deployments. I already raised several times the fact that IPsec on routers in NOT a generic requirement. If the "requirements" are generic enough to consider the following

Re: the role of the node "requirements" document

olved with IKE*. (ex. some applications of sensor/actuator or resource limited devices). Thanks, From: Ed Jankiewicz <[EMAIL PROTECTED]> Subject: Re: the role of the node "requirements" document Date: Wed, 27 Feb 2008 16:27:26 -0500 > I lean towards (3) because IPsec without

Re: the role of the node "requirements" document

Greetings all, I've been reading this group for some time and appreciate everyones work. For the most part I have followed the discussions of the past but would now like to throw in my 2 cents. Kevin and many others against mandating (MUST) for IPSec have a valid point. Many sensors and othe

Re: the role of the node "requirements" document

On Feb 27, 2008, at 11:27, Dow Street wrote: > > 3. the Internet *does* need a mandatory security mechanism at the > IP layer, but IPsec *alone* is insufficient (without IKE, key mgmt, > etc) This is what I'd prefer with *one* qualification. I would merely *recommend* it for devices that a

RE: the role of the node "requirements" document

PROTECTED]; ipv6@ietf.org Cc: [EMAIL PROTECTED] Subject: RE: the role of the node "requirements" document >My fear is that if implementations on e.g. sensors show that IPSec is >not affordable for this kind of device, and we put an unconditional >MUST, in a few years from

RE: the role of the node "requirements" document

>My fear is that if implementations on e.g. sensors show that >IPSec is not affordable for this kind of device, and we put an >unconditional MUST, in a few years from now we will have >billions of device which do not respect RFC4294. With a SHOULD >it is the same kind of issue, billions of devi

RE: the role of the node "requirements" document

device will be the exception. Julien -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ed Jankiewicz Sent: mercredi 27 février 2008 13:27 To: ipv6@ietf.org Cc: Brian E Carpenter Subject: Re: the role of the node "requirements" document I lean

Re: the role of the node "requirements" document

I lean towards (3) because IPsec without IKE or something is unmanageable. I could support MUST or SHOULD, or a conditional statement, and would prefer linking to IKEv2 as part of the package. Thomas hinted at the "chicken and egg" problem with IKEv2 - we'd like to mandate it to encourage imp

Re: the role of the node "requirements" document

On 2008-02-28 09:34, James Carlson wrote: > Dow Street writes: >> 1. the Internet *does not* need a mandatory security mechanism at >> the IP layer >> 2. the Internet *does* need a mandatory security mechanism at the IP >> layer, but IPsec is not the right one because it is too heavyweight >>

Re: the role of the node "requirements" document

Dow Street writes: > 1. the Internet *does not* need a mandatory security mechanism at > the IP layer > 2. the Internet *does* need a mandatory security mechanism at the IP > layer, but IPsec is not the right one because it is too heavyweight > 3. the Internet *does* need a mandatory securit

RE: the role of the node "requirements" document

> quick poll - for those opposed to a MUST requirement for > IPsec, what is your driving objection? > My feeling is that we should not introduce mandatory cost factors for end devices. There are many sensor-ish devices that do not require strict security. If it is possible, could we say tha

Re: the role of the node "requirements" document

On Feb 27, 2008, at 9:20 AM, James Carlson wrote: > It's not a good argument for "everyone must implement security in all > cases in order to be considered a good IPv6 citizen, even if they have > no plans to use those security protocols, so there." As I understand it, the current architecture of

Re: the role of the node "requirements" document

James: James Carlson wrote: > Ed Jankiewicz writes: > >> As Jim Bound has stated many times, IETF defines standards not >> deployment, and the Node Requirements revision should reiterate that the >> standard for security in IPv6 is IPsec citing RFC 4301 (successor to >> 2401). OTOH, we at D

Re: the role of the node "requirements" document

Hi Thomas, 2008/2/27, Thomas Narten <[EMAIL PROTECTED]>: > John, > [snip] > > And even today, IPv6 only mandates IPsec (with manual keys). No key > managment. And if there is one thing we have learned from practical > deployments, it's all about key mangement/distribution. That is the > har

Re: the role of the node "requirements" document

Thomas Narten writes: > Thus, continuing to mandate IPsec (while continuing to punt on key > management) just looks silly. Indeed. It's a solution out looking for a problem. -- James Carlson, Solaris Networking <[EMAIL PROTECTED]> Sun Microsystems / 35 Network Drive71.232W

RE: the role of the node "requirements" document

[EMAIL PROTECTED] writes: > James, > > >Ed Jankiewicz writes: > >> As Jim Bound has stated many times, IETF defines standards not > >> deployment, and the Node Requirements revision should reiterate that > >> the standard for security in IPv6 is IPsec citing RFC 4301 > >(successor > >> to 2401

Re: the role of the node "requirements" document

John, > Well, I would say that we (HW, SW, Platform providers) cannot expect > to understand all of the ways that their products will be deployed, > so it is extremely hard to state "security is not needed." That is not what I (and I suspect others) are saying. What I am saying is that security

RE: the role of the node "requirements" document

James, >Ed Jankiewicz writes: >> As Jim Bound has stated many times, IETF defines standards not >> deployment, and the Node Requirements revision should reiterate that >> the standard for security in IPv6 is IPsec citing RFC 4301 >(successor >> to 2401). OTOH, we at DoD and NIST are certainly

Re: the role of the node "requirements" document

Ed Jankiewicz writes: > As Jim Bound has stated many times, IETF defines standards not > deployment, and the Node Requirements revision should reiterate that the > standard for security in IPv6 is IPsec citing RFC 4301 (successor to > 2401). OTOH, we at DoD and NIST are certainly addressing dep

Re: the role of the node "requirements" document

's email that discusses cable. This mailer has enough > cable experienced folks to give their input. > > Hemant > > -Original Message- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of > [EMAIL PROTECTED] > Sent: Wednesday, February 27, 2008 9:55 AM &g

RE: the role of the node "requirements" document

esday, February 27, 2008 9:55 AM To: ipv6@ietf.org Subject: RE: the role of the node "requirements" document > I totally appreciate Alain's concern for cable modem devices with > limited memory for IPv6 but the problem is that IPv6 community decided > as far back as 1998 wi

RE: the role of the node "requirements" document

> I totally appreciate Alain's concern for cable modem devices > with limited memory for IPv6 but the problem is that IPv6 > community decided as far back as 1998 with RFC 2401 that > IPSec is mandatory for IPv6. The events of 1998 are irrelevant. The fact is that this website

RE: the role of the node "requirements" document

http://www.ietf.org/internet-drafts/draft-ietf-6man-node-req-bis-01.t >> xt >> >> Sorry, if I am missing some IETF process. I was expecting the bis >> draft above to be INFORMATIONAL as well. >> >> Thanks. >> >> Best Regards. >> >> Hemant >>

Re: the role of the node "requirements" document

t;> Thanks. >> >> Best Regards. >> >> Hemant >> >> -Original Message- >> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of >> Brian Haberman >> Sent: Tuesday, February 26, 2008 9:27 AM >> To: ipv6@ietf.org &g

Re: the role of the node "requirements" document

PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of > Brian Haberman > Sent: Tuesday, February 26, 2008 9:27 AM > To: ipv6@ietf.org > Subject: Re: the role of the node "requirements" document > > Hemant, > Take a look at the category for RFC 4294 at > http://to

Re: the role of the node "requirements" document

Pekka Savola <[EMAIL PROTECTED]> writes: > The node requirements document, despite its misleading title, is > INFORMATIONAL. It does not represent IETF consensus, so even if the > document would say every IPv6 node MUST implement IPsec, it would mean > basically nothing. You may be correct in

RE: the role of the node "requirements" document

draft above to be INFORMATIONAL as well. Thanks. Best Regards. Hemant -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Brian Haberman Sent: Tuesday, February 26, 2008 9:27 AM To: ipv6@ietf.org Subject: Re: the role of the node "requirements" docume

RE: the role of the node "requirements" document

ED] On >Behalf Of ext Brian Haberman >Sent: 26 February, 2008 06:27 >To: ipv6@ietf.org >Subject: Re: the role of the node "requirements" document > >Hemant, > Take a look at the category for RFC 4294 at >http://tools.ietf.org/html/rfc4294. It is Informati

RE: the role of the node "requirements" document

> I totally appreciate Alain's concern for cable modem devices > with limited memory for IPv6 but the problem is that IPv6 > community decided as far back as 1998 with RFC 2401 that > IPSec is mandatory for IPv6. The events of 1998 are irrelevant. The fact is that this website

Re: the role of the node "requirements" document

met to address Alain's concern. > > Hemant > > -Original Message- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of > Pekka Savola > Sent: Tuesday, February 26, 2008 5:05 AM > To: Alain Durand > Cc: [EMAIL PROTECTED]; ipv6@ietf.org; Fred Baker

RE: the role of the node "requirements" document

-- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Pekka Savola Sent: Tuesday, February 26, 2008 5:05 AM To: Alain Durand Cc: [EMAIL PROTECTED]; ipv6@ietf.org; Fred Baker (fred) Subject: the role of the node "requirements" document On Tue, 26 Feb 2008, Alain Durand wrote: > The p

the role of the node "requirements" document

On Tue, 26 Feb 2008, Alain Durand wrote: > The problem is that some of those devices have really limited memory and > they already do (too?) many things, so there is no room left... Some vendors > had to go back at their code and spend a lot of time and effort to clean > things up to make room for