Stefann, You're right. I remember hearing rumblings of vendors requesting this change, mostly because embedded processors of the time had difficulty performing well with IPv6. I see that in 2011 rfc6434 lowered IPSec from "must" to "should". Nevertheless, plenty of products produced before 2011 included IPSec and the vast majority of IPv6-capable nodes on the Internet have it today. Performance is no longer an issue.
-mel beckman > On Oct 4, 2015, at 8:58 AM, Sander Steffann <san...@steffann.nl> wrote: > > Hi, > >> Op 4 okt. 2015, om 16:52 heeft Mel Beckman <m...@beckman.org> het volgende >> geschreven: >> >> If it doesn't support IPSec, it's not really IPv6. Just as if it failed to >> support any other mandatory IPv6 specification, such as RA. > > I think you're still looking at an old version of the IPv6 Node Requirements. > Check https://tools.ietf.org/html/rfc6434#section-11, specifically this bit: > > """ > Previously, IPv6 mandated implementation of IPsec and recommended the key > management approach of IKE. This document updates that recommendation by > making support of the IPsec Architecture a SHOULD for all IPv6 nodes. > """ > > This was published in December 2011. > > Cheers, > Sander >