>IPSec is mandatory for IPv6 which means that each IPV6 enabled device >must be able to handle IPSec. However, 6LowPAN in its current form >does not address IPSec processing. Thus, strictly speaking, 6LowPAN is >an incomplete IPv6 implementation and there is reason to investigate >if at least basic IPSec support can be added.
IPsec is useful in many scenarios. But it is not an essential requirement for IPv6 per se. Node requirements (RFC4294) mandates IPsec on all types of nodes. However in the context of sensors, IPsec requirement at best is a MAY (definitely not a MUST). >I guess the whole point of assigning IP to a sensor node is to make it >autonomous in all possible ways including security. The IP based >sensor node should be able to establish secure sessions with the >destination device (inside and outside PANs) without the intervention >(or without trusting) any intermediate device such as 6LowPAN gateway >etc.. To do so the obvious choice is IPSec as the traditional internet >is already equipped with it; also, any available upper layer >(Transport to Application) protocol with incur the same overhead as >the IPSec does. IPsec is not necessarily the obvious choice. The choice of IPsec as the security protocol for Mobile IPv6 (RFC3775) for example has created far more complexity than being useful. Security can be accomplished without IPsec. Please do not fall into the trap that IPv6 nodes by default have an IPsec stack and hence all security requirements can be met by IPsec. Alternatives should be evaluated. -Raj _______________________________________________ 6lowpan mailing list [email protected] https://www.ietf.org/mailman/listinfo/6lowpan
