James,
>Ed Jankiewicz writes:
>> As Jim Bound has stated many times, IETF defines standards not
>> deployment, and the Node Requirements revision should reiterate that
>> the standard for security in IPv6 is IPsec citing RFC 4301 (successor
>> to 2401). OTOH, we at DoD and NIST are certainly addressing
>> deployment
>
>That's an argument for: "if you claim to implement security at
>all with IPv6, you must at least implement IPsec as described
>in {insert references}."
>
>It's not a good argument for "everyone must implement security
>in all cases in order to be considered a good IPv6 citizen,
>even if they have no plans to use those security protocols, so there."

Well, I would say that we (HW, SW, Platform providers) cannot expect to
understand all of the ways that their products will be deployed, so it is
extremely hard to state "security is not needed." I am sure we can find a
few corner cases, but I find it hard to believe that we can accept this as
a general truism.

The Security Area has clearly stated that security is important; having
mechanisms to secure protocols is mandatory; multiple non-mandatory
solutions decrease security.

I interpret this to mean that if you have IPv6, you need a common
mechanism to secure it. There is L2 security, and there are things like
DTLS and TLS, but there needs to be security available at the IP layer.

John
--------------------------------------------------------------------
IETF IPv6 working group mailing list
Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
--------------------------------------------------------------------