Pekka, The node requirement draft as I read it from
http://www.ietf.org/internet-drafts/draft-ietf-6man-node-req-bis-01.txt is on Standards Track. Did I miss anything because you think this node requirement doc is an INFORMATIONAL draft? As for IPSec and IPv6, indeed it is true that IPSec is mandatory for IPv6, unlike IPv4. If one wants an RFC reference that says IPSec is mandatory for IPv6, please refer to RFC 2401 or RFC 4301 (Security Architecture for the Internet Protocol). Snipped from the RFC's is section 10 shown below between square brackets. [10. Conformance Requirements All IPv4 systems that claim to implement IPsec MUST comply with all requirements of the Security Architecture document. All IPv6 systems MUST comply with all requirements of the Security Architecture document.] I totally appreciate Alain's concern for cable modem devices with limited memory for IPv6 but the problem is that IPv6 community decided as far back as 1998 with RFC 2401 that IPSec is mandatory for IPv6. Cable IPv6 standards came much later. We will have to see what common ground can be met to address Alain's concern. Hemant -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Pekka Savola Sent: Tuesday, February 26, 2008 5:05 AM To: Alain Durand Cc: [EMAIL PROTECTED]; [email protected]; Fred Baker (fred) Subject: the role of the node "requirements" document On Tue, 26 Feb 2008, Alain Durand wrote: > The problem is that some of those devices have really limited memory > and they already do (too?) many things, so there is no room left... > Some vendors had to go back at their code and spend a lot of time and > effort to clean things up to make room for the very basic IPv6 code, so every kb count. > > The whole idea of asking them to do extra efforts to implement a > functionality that is not needed and that will introduce bugs & > instability is not very appealing. > > Again, this last argument applies also to devices that do not have > memory > problems: if I do not need functionality X, I'd rather like not to > have it implemented as it will lower the operational risks. I think this discussion somewhat misses the point because some folks feel informational roadmap documents have more weight than they actually do (according to IETF procedures, or even in practice in vendors' feature planning). (E.g., there was similar discussion about RFC4614.) The node requirements document, despite its misleading title, is INFORMATIONAL. It does not represent IETF consensus, so even if the document would say every IPv6 node MUST implement IPsec, it would mean basically nothing. Where is a Standards Track or BCP document that says IPsec is mandatory? If vendors need to make tradeoffs of what they implement or don't implement, that's their call. They can't call that product to be "RFC4294 compliant", "RFC4301 compliant", claim it supports IPsec, or claim it's "RFCxxxx" compliant (where xxxx corresponds to an RFC number which mandates IPsec). That's all. The product also might not get IPv6 ready logo certifications and such, but that's not IETF's business anyway. -- Pekka Savola "You each name yourselves king, yet the Netcore Oy kingdom bleeds." Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings -------------------------------------------------------------------- IETF IPv6 working group mailing list [email protected] Administrative Requests: http://www.ietf.org/mailman/listinfo/ipv6 -------------------------------------------------------------------- -------------------------------------------------------------------- IETF IPv6 working group mailing list [email protected] Administrative Requests: http://www.ietf.org/mailman/listinfo/ipv6 --------------------------------------------------------------------
