Mike wrote:
> > Good points. So are you saying we should
> > mandate ESP and AH but it's ok not to mandate
> > IKE? and perhaps use something else for
> > key distribution?
>
> I think the v6 host requirements struck the right
> balance: require the IP packet layer transforms,
> and be silent on key distribution. Key
> distribution is clearly a huge problem, but IPsec
> doesn't mandate a single solution so I don't see
> why the cellular requirements draft should either.
> You can run IPsec with manually configured keys,
> after all, so at a base level you can get
> interoperability. This is forward progress IMO,
> even though we clearly need more going forward.

I do agree that the ESP and AH are really simple and easy compared to the rest. Unfortunately, this isn't going to be quite as easy as that. As we point out in section 3.8 the current cellular networks sometimes have dynamic IP address changes, and therefore manually keyed IPsec isn't going to work as such and key management is needed. While there might be multiple options here, interoperability is a concern and hence I feel that we must have a mandated key management scheme. In the cellular host requirements draft, we have chosen to say that IKE is a MUST in those cases where we mandate IPsec. Do you disagree?

(In a way you could say that the cellular draft goes *beyond* what the current IETF MUSTs are, given that we mandate a full security solution in all cases, though at the same time we don't mandate the current requirement of AH and ESP in all cases.)

Anyway, this is just *our* proposal on what we think would make sense. But the document is controlled by the WG; please state your proposed security MUSTs for IPv6 hosts, cellular or otherwise. Mike, what would you like to have there, for instance?

Jari

--------------------------------------------------------------------
IETF IPng Working Group Mailing List
IPng Home Page: http://playground.sun.com/ipng
FTP archive: ftp://playground.sun.com/pub/ipng
Direct all administrative requests to [EMAIL PROTECTED]
--------------------------------------------------------------------
