Hi all, > I do agree that the ESP and AH are really > simple and easy compared to the rest. Unfortunately, > this isn't going to be quite as easy as that. > > As we point out in section 3.8 the current > cellular networks sometimes have dynamic IP > address changes, and therefore manually keyed IPsec > isn't going to work as such and key management is > needed. While there might be multiple options > here, interoperability is a concern and hence > I feel that we must have a mandated key management > scheme. In the cellular host requirements draft, we > have chosen to say that IKE is a MUST in those > cases where we mandate IPsec. Do you disagree? > > (In a way you could say that the cellular draft goes > *beyond* what the current IETF MUSTs are, given > that we mandate a full security solution in all cases, > though at the same time we don't mandate the current > requirement of AH and ESP in all cases.) > > Anyway, this is just *our* proposal on what we think > would make sense. But the document is controlled by the > WG; please state your proposed security MUSTs for > IPv6 hosts, cellular or otherwise. Mike, what would you > like to have there, for instance?
Just to add onto Jari - it would be a no-brainer to state that IPsec (AH & ESP) MUST be supported, IKE MAY/SHOULD be supported. However, does this give users anything? Will it increase security for these devices, or is it just something that will make folks happy? The authors prefer to have a reasonable discussion on security within the draft. Knowledge of the field of Internet Security has increased since some of the initial IPv6 documents were published ... thanks, John -------------------------------------------------------------------- IETF IPng Working Group Mailing List IPng Home Page: http://playground.sun.com/ipng FTP archive: ftp://playground.sun.com/pub/ipng Direct all administrative requests to [EMAIL PROTECTED] --------------------------------------------------------------------
