Dow Street writes: > 1. the Internet *does not* need a mandatory security mechanism at > the IP layer > 2. the Internet *does* need a mandatory security mechanism at the IP > layer, but IPsec is not the right one because it is too heavyweight > 3. the Internet *does* need a mandatory security mechanism at the IP > layer, but IPsec *alone* is insufficient (without IKE, key mgmt, etc) > 4. I don't care about the architecture of the Internet, because I > intend to develop devices that are never connected to the global > Internet (and therefore play no role in defining the Internet > architecture or adhering to Internet best practices).
I suppose I'm closest to (1) in your list, but I'd still phrase it differently. 5. IP itself works properly without IPsec -- and demonstrably so. It's not a _requirement_; it's not something that without which IP simply fails to operate. It's desirable, and likely highly desirable, but it's not a fundamental issue. It's fine to say that implementations darn well ought to have security mechanisms unless they've got some really compelling reasons not to. It's also fine to say that choosing a common one is far, far better than having several. However, that's not what "MUST" means. MUST means that you have no options for any other possible environment -- do it, or just ignore the RFC. "SHOULD" carries with it a great deal of force. You have some real explaining to do if you choose to ignore the recommendation. You can't just do it on a whim. I'd go so far as to say that if you choose otherwise, and the result of your choice is that you fail to fulfill other obligations that you have, then you've chosen incorrectly and you're not complying with the letter of the RFC -- you SHOULD have implemented it. I suspect that the people who are arguing in favor of "MUST" have a fear that "SHOULD" is just too weak. I don't see how that's the case at all, as it does indeed force nearly all implementors (those who wish to become or remain compliant with the requirements of the RFC) to implement IPsec -- which is exactly what the "MUST" contingent wants. (And, really, the lack of mandated key management does make even the "SHOULD" language a bit of a farce, as Thomas Narten has correctly observed. You're not really getting any security goodness by implementing a fraction of the bits needed for a real solution.) -- James Carlson, Solaris Networking <[EMAIL PROTECTED]> Sun Microsystems / 35 Network Drive 71.232W Vox +1 781 442 2084 MS UBUR02-212 / Burlington MA 01803-2757 42.496N Fax +1 781 442 1677 -------------------------------------------------------------------- IETF IPv6 working group mailing list [email protected] Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6 --------------------------------------------------------------------
