Kevin, I would say that is not a logical argument, IMO. The IETF has long considered security to be an essential part of internet protocols. Pease read http://tools.ietf.org/html/rfc4301. SMTP in that sense is optional, and not considered a part of IPv6. The ability to secure the IP layer has been seen as a mandatory requirement from the Security AD.
That being said, there seems to be strong feeling that IPsec support is not being considered mandatory, so the WG needs to consider how we are able to secure the IP layer. I do not think l2 security is sufficient, as L2 security will not create a security association between two arbitrary nodes in the interenet. I would also mention that some people are looking at more point solutions or solutions that may be deployed in a managed deployment. IMO, those are not the general case that the Node Req. document is trying to address. I will try to summarize this thread, but I think it might be up to the WG chairs to discuss this with our ADs and the Security ADs to understand what the IESG considers to be the correct level of security requirements. John >-----Original Message----- >From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On >Behalf Of ext Kevin Kargel >Sent: 29 February, 2008 07:31 >To: [email protected] >Subject: RE: the role of the node "requirements" document > > To make a furthur rediculous analogy, SMTP is a >wonderfully functional spec, and it makes perfect sense to >mandate that any devices utilizing SMTP MUST be compliant to >the ESMTP spec RFC2821, but it would be rather silly to >mandate that ALL IPv6 connected devices be RFC2821 compliant >regardless of whether they have a requirement for SMTP. > > If the operating system of the nifty internet >accessible doohickey that you wish to patent and sell has no >need to exchange email, then building in ESMTP compliance >would be an unecessary expense that would reduce the >profitiability of your venture and would cost consumers (who >ultimately pay for everything) more money. > > It may be a piddling amount, and a trivial >implementation, but we must bear in mind the straw/camel >parable. Many little things can aggregate to be a large burden. > > >> Kevin and many others against mandating (MUST) for IPSec >have a valid >> point. Many sensors and other potential IPv6 nodes do not have the >> hardware resources to support IPSec, or those resources are better >> spent at other tasks. >..... >-------------------------------------------------------------------- >IETF IPv6 working group mailing list >[email protected] >Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6 >-------------------------------------------------------------------- > -------------------------------------------------------------------- IETF IPv6 working group mailing list [email protected] Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6 --------------------------------------------------------------------
