Touché.  IETF documents remain "current" unless obsoleted by another 
RFC.  The corpus is cumulative, so we have to follow the precedent, even 
from the deep dark early days like 1998, or document there is consensus 
that a spec no longer applies (e.g. RFC 4966 rendering RFC 2766 NAT-PT 
historic.)

As Jim Bound has stated many times, IETF defines standards not 
deployment, and the Node Requirements revision should reiterate that the 
standard for security in IPv6 is IPsec citing RFC 4301 (successor to 
2401).  OTOH, we at DoD and NIST are certainly addressing deployment 
issues - and in fact we do draw distinctions between Big Honking devices 
and smaller devices to "escape" some requirements where they will not be 
needed.  Our deployment plans do not impose anything on the general 
community.  Similarly, application specifics (for low power sensors, 
mobility, CPE etc.) can be separately documented, and in keeping with 
the "first do no harm" principle, as long as they don't interfere with 
anyone else's use of IPsec, it is reasonable for them to make their own 
exceptions.  Let the buyer beware.  As far as I know, DoD will probably 
only buy stuff with IPsec, but if an ISP doesn't think they need it in 
their CPE, they should be free to save the development cost and memory 
space.

I agree with Hemant (and others' sentiments on this thread) that the 
Node Requirements doc should summarize the requirements for IPv6 nodes, 
and leave the exceptions, extensions and caveats to deployment documents 
like the NIST and DoD profiles and application documents.

Hemant Singh (shemant) wrote:
> It is ridiculous that folks wave a document from 1998 away. Further, does
> anyone even read emails carefully before replying? When I gave a
> reference to RFC 2401 where it was mandated that IPSec is a MUST for
> IPv6, I also gave a reference to RFC 4301 that is dated Dec 2005! Both
> RFCs have the same section 10 mandating IPSec as a MUST for IPv6. 
>
> Someone else also suggested that maybe we can sub categorize the IPSec
> requirement based on different devices like big honking router vs. a
> small consumer device etc. I don't think that is wise because one has no
> clue what devices will come into being in future where devices support
> IPv6. 
>
> Also read Tony Hain's email that discusses cable. This mailer has enough
> cable experienced folks to give their input.
>
> Hemant
>
> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of
> [EMAIL PROTECTED]
> Sent: Wednesday, February 27, 2008 9:55 AM
> To: [email protected]
> Subject: RE: the role of the node "requirements" document
>
>> I totally appreciate Alain's concern for cable modem devices with 
>> limited memory for IPv6 but the problem is that IPv6 community decided
>> as far back as 1998 with RFC 2401 that IPSec is mandatory for IPv6.
>
> The events of 1998 are irrelevant. The fact is that this website
> <http://www.ipv6ready.org/about_phase2_test.html>
> clearly does not consider IPsec to be part of the IPv6 core protocols
> and therefore lots of implementations will not have it.
>
> Cable boxes are not much different from general purpose computers
> running Linux. In fact, they may use Linux for all I know. In any case,
> they are complex devices and if you looked at an architecture diagram
> for them they would look rather like a network in a box with many
> functions on separate chips (or areas of an FPGA) all communicating with
> various internal protocols and busses.
>
> But IPv6 is not just for devices like that. It was also intended to be
> something that could be implemented on embedded devices that often use
> 8-bit CPUs with the IP stack written in carefully handcoded assembly
> language. TINI is an example of such a device but there are hundreds of
> them out there and manufacturers continue to introduce new 8-bit
> microcontrollers all the time.
>
> If you have any contacts with Yokogawa in Japan, they have a lot of
> experience in this area and will be able to give a better idea of how
> common it is to implement IPv6 without IPsec. WIDE people may also know
> more about this.
>
> --Michael Dillon
> --------------------------------------------------------------------
> IETF IPv6 working group mailing list
> [email protected]
> Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
> --------------------------------------------------------------------

-- 
Ed Jankiewicz - SRI International
Fort Monmouth Branch Office - IPv6 Research 
Supporting DISA Standards Engineering Branch
732-389-1003 or  [EMAIL PROTECTED] 
