|
Read
the IPsec arch spec and other specs. IPsec is a MUST according to us in
the IETF for ANY IPv6 implementation.
As an
implementor I would not implement any IPv6 incantation with IPv6 because I
believe to not implement all MUSTs in a spec is not wise.
Now if
at indusrtry implementation forums or bake-offs implementors find the spec don't
work they stop and come tell the IETF. For IPsec that is not the case it
does work. Clearly PKI to IKE interface is a problem for vendors as that
usually requires melding a 3rd party key mgmt infrastructure to your
implementation. But that is not the IETFs problem per se (though they do
need to hear the technical issues).
This
does not mean an implementor cannot use alternative methods to secure devices
but to be compliant with the IETF IPsec architecture any implementation MUST do
it.
Users
may or may not use our recommendations that is up to the market we have no
control over that in the market. I personally support them adopting IPv6
as one critical method for securing IP layer communications.
But it is not the only
one that they need.
This is my view and you should get others views too. That is
how I read the specs.
regards,
/jim
� |
Title: Message
- RE: IPSec Implementaion. Bound, Jim
- Re: IPSec Implementaion. Mohammad Feroz
- RE: IPSec Implementaion. Bound, Jim
- RE: IPSec Implementaion. Steve Pollock
