Thank you for your many feedbacks. From: Jari Arkko <[EMAIL PROTECTED]> Subject: Re: Should IP Security be Optional? [Was RE: draft-ietf-ipv6-cellular-host-00.txt -> wg last call?] Date: Mon, 04 Mar 2002 15:03:00 +0200
> Francis Dupont wrote: > > > => yes, ICMP is hard to protect and to use it for small services > > does not make things simpler... > > So, we agree on this at least... > > > => there is an IAB statement about security. IPsec support was > > made mandatory according to this statement and IMHO this was > > a big step forward. There are other security mechanisms, > > including some at the transport layer (SSL/TLS, IMHO IPsec > > is better but real world considerations have to be considered :-) > > and some at the application layer, with in some cases a very > > different usage (PGP). > > I have in favor of to make all core security mechanisms mandatory > > (MUST or strong SHOULD), cf RFC 2316 section 10. IPsec is only > > the first in the list. > > I'm partially in favor of this approach, but not entirely. > I'd be much more comfortable with trying to make a detailed > recommendation on where different mechanisms are applicable > and mandated, than try to mandate them all everywhere (likely > with less than 100% success among implementors). > > I think the general approach should be that security > is mandatory, but not necessarily same type of security > under all circumstances. I agree. If a very small host has single application (ex. web), the implementer will want to implement an appropriate security mechanism only (ex, TLS) because of fitting its cost. It should be our further work to make detailed guideline for LCNA part. ---- nobuo -------------------------------------------------------------------- IETF IPng Working Group Mailing List IPng Home Page: http://playground.sun.com/ipng FTP archive: ftp://playground.sun.com/pub/ipng Direct all administrative requests to [EMAIL PROTECTED] --------------------------------------------------------------------
