Basavaraj Patil <[EMAIL PROTECTED]> writes: > I agree with Thomas about his views on IPsec being a mandatory and > default component of the IPv6 stack. Because of this belief, Mobile > IPv6 (RFC3775) design relied on IPsec for securing the > signaling. This has lead to complexity of the protocol and not > really helped either in adoption or implementation.
To be clear, this is a simplistic explanation. Had IPsec (and IKE) not been used for MIPv6, they would have had to invent a whole new security protocol for securing things. As we know, coming up with yet another security mechanism is hugely problematic for the IETF. It is far from clear that the MIPv6 WG had the necessary competence to do this, and it is far from clear that the security community would have found the problem space interesting enough to help the WG get it right. > IPsec based security is an overkill for Mobile IPv6 and illustrates > the point that you do not have to use it simply because it happens > to be an integral part of IPv6. THe reason for choosing IPsec was not just because it was "part of IPv6". It was also chosen because there wasn't really another obvious alternative to use. And inventing a new one would have been duanting. (And please don't point to RFC 4285 as the solution. The IESG note that goes with that document is not to be dismissed lightly.) Thomas -------------------------------------------------------------------- IETF IPv6 working group mailing list [email protected] Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6 --------------------------------------------------------------------
