So, talking about making exceptions to the MUST
IMPLEMENT aspect of ipsec on v6 strikes me as a
really poor idea. First of all, a minimum
implementation of IPsec to fulfill the mandatory
requirements is quite small -- we're not talking
about IKE here. Far more problematic, however, is
the lack of a common security substrate on the
net. We know what that means in practice: no
security at all in the vast majority of cases.
Requiring IPsec at least gets us to the point
where two nodes can have a secure conversation
with any mix of traffic instead of the current
mishmash of incomplete and often insecure other
mechanisms (read: nothing in many important
cases).
I think I also disagree with Jari's
characterization of fixed-purpose devices. The net
is not the PSTN with exactly one application.
Once you've enabled IP, you have instant access to
zillions of applications, and a zillion more to
come. While small boxen certainly will only
implement a small fraction of those applications,
we have not one clue *which* ones they'll be! Some
may very well be UDP based, and thus TLS won't be
of any use. So we'll be back to the same state of
trying to shoe-horn protocols to meet security
requirements via unnatural acts with TLS, often
ill-conceived application layer security, or just
plain ignoring the problem and hoping for the
best.
*Please* let's not go there. For the scant amount
of flash and ram that IPsec requires we get a
common baseline. This is desparately needed so
that we at least have something to proceed from
rather than the current chaos. IPsec is the
security analog to TCP's reliable transport.
Without TCP, protocol and application development
would have been severely hampered. TCP's utility
amongst other things was to simplify networking so
that people other than net weenies could write
applications. The same, I'm afraid, is true of
crypto -- maybe even worse, because a cursory
understanding of transport wasn't all that hard to
come by even 20 years ago, whereas there's not a
surer way of getting people's eyes to glaze over
faster than talking about crypto in my experience.
We really, really need some commonality. Let's
not backtrack.
Mike
OKABE Nobuo writes:
> Thank you for your many feedbacks.
>
> From: Jari Arkko <[EMAIL PROTECTED]>
> Subject: Re: Should IP Security be Optional? [Was RE:
>draft-ietf-ipv6-cellular-host-00.txt -> wg last call?]
> Date: Mon, 04 Mar 2002 15:03:00 +0200
>
> > Francis Dupont wrote:
> >
> > > => yes, ICMP is hard to protect and to use it for small services
> > > does not make things simpler...
> >
> > So, we agree on this at least...
> >
> > > => there is an IAB statement about security. IPsec support was
> > > made mandatory according to this statement and IMHO this was
> > > a big step forward. There are other security mechanisms,
> > > including some at the transport layer (SSL/TLS, IMHO IPsec
> > > is better but real world considerations have to be considered :-)
> > > and some at the application layer, with in some cases a very
> > > different usage (PGP).
> > > I have in favor of to make all core security mechanisms mandatory
> > > (MUST or strong SHOULD), cf RFC 2316 section 10. IPsec is only
> > > the first in the list.
> >
> > I'm partially in favor of this approach, but not entirely.
> > I'd be much more comfortable with trying to make a detailed
> > recommendation on where different mechanisms are applicable
> > and mandated, than try to mandate them all everywhere (likely
> > with less than 100% success among implementors).
> >
> > I think the general approach should be that security
> > is mandatory, but not necessarily same type of security
> > under all circumstances.
>
> I agree.
>
> If a very small host has single application (ex. web),
> the implementer will want to implement an appropriate
> security mechanism only (ex, TLS) because of fitting
> its cost.
>
> It should be our further work to make detailed
> guideline for LCNA part.
>
> ---- nobuo
> --------------------------------------------------------------------
> IETF IPng Working Group Mailing List
> IPng Home Page: http://playground.sun.com/ipng
> FTP archive: ftp://playground.sun.com/pub/ipng
> Direct all administrative requests to [EMAIL PROTECTED]
> --------------------------------------------------------------------
--------------------------------------------------------------------
IETF IPng Working Group Mailing List
IPng Home Page: http://playground.sun.com/ipng
FTP archive: ftp://playground.sun.com/pub/ipng
Direct all administrative requests to [EMAIL PROTECTED]
--------------------------------------------------------------------
