The latest draft: draft-ietf-6man-node-req-bis-00.txt still lists IPsec as mandatory to implement.
As I mentioned last IETF meeting, this is creating a problem for certain kind of devices, like cable modems, who have a very limited memory footprint. Those devices operate in an environment where IPsec is not used and mandating its implementation has a serious cost: it means that legacy devices cannot be upgraded to IPv6... In DOCSIS 3.0, the decision was to NOT require IPsec implementation on those devices. I'm sure other environment have made or will make similar choices. Moreover, to make the point more general, we are specifying/buying many other types of devices where we know that IPsec will never be used. Why should the vendor of those devices have to implement it? Because one day I might decide to deploy it? IMHO, this is not a good think, because in the meantime, I will have to run extra code which means extra bugs, more memory and more risks of miss-configuration. I would like to suggest that the node requirements remove any mention of IPsec being mandatory to implement and instead includes text in the line of: "if you are going to implement IPsec, here is what you should/must do". - Alain. -------------------------------------------------------------------- IETF IPv6 working group mailing list [email protected] Administrative Requests: http://www.ietf.org/mailman/listinfo/ipv6 --------------------------------------------------------------------
