>>>>> On Wed, 23 Feb 2005 17:45:48 -0500,
>>>>> "Soliman, Hesham" <[EMAIL PROTECTED]> said:
>> Hmm...I agree with the "realistic" view itself, but unless
>> we prohibit
>> the use of IPsec, I believe it is overkilling to remove requirements
>> (using RFC2119 keywords) when it is used.
>>
>> Is it so harmful to revise the paragraph to, e.g., the following?
>>
>> In some cases, it may be acceptable to use statically configured
>> security associations with either [IPv6-AH] or [IPv6-ESP]
>> to secure
>> Neighbor Discovery messages. However, it is important to note that
>> statically configured security associations are not scalable
>> (especially when considering multicast links) and are therefore
>> limited to small networks with known hosts. In any case, when
>> [IPv6-AH] is used, received Authentication Headers in Neighbor
>> Discovery packets MUST be verified for correctness and
>> packets with
>> incorrect authentication MUST be ignored.
> => ok, fine with me, but I guess there is no reason to exclude [IPv6-ESP]
> from
> the second last sentence, and as a consequence modify the last sentence
> accordingly.
> If that's ok I'll update the last two sentences.
The reason why I didn't use [IPv6-ESP] was because the succeeding line
only said "Authentication Headers", which is specific to AH. I'd
basically leave wording details to the document editor, but in this
particular case I believe it makes more sense to use "AH" only.
JINMEI, Tatuya
Communication Platform Lab.
Corporate R&D Center, Toshiba Corp.
[EMAIL PROTECTED]
--------------------------------------------------------------------
IETF IPv6 working group mailing list
[email protected]
Administrative Requests: https://www1.ietf.org/mailman/listinfo/ipv6
--------------------------------------------------------------------
