This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/[email protected]/
[ipv6-wg] RIPE-501 replacement document - IPsec question to community - we need your input.
- Previous message (by thread): [ipv6-wg] RIPE-501 replacement document - IPsec question to community - we need your input.
- Next message (by thread): [ipv6-wg] RIPE-501 replacement document - IPsec question to community - we need your input.
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Jan Zorz
jan at pragma.si
Wed Dec 28 10:43:22 CET 2011
On 12/27/11 11:36 PM, Sander Steffann wrote: > I agree. We are writing a template for tender initiators for > enterprises. I think we should state that IPSec is mandatory, because > enterprises should have the possibility to set up IPSec site-to-site > tunnels as a minimum. I think we should write it in such a way that > enterprises require IPSec support when writing a request for tender, > unless they consciously decide that they don't need it. So I think we > should put IPSec in the 'required' section. If an enterprise knows it > will not need it then they can move it to 'optional' themselves. > RIPE-501 and its successor are templates to be used and adapted as > necessary. We should provide a sane default, and they might (will > probably?) need IPSec at some point in time. Hi, I somehow agree... Disclaimer: RIPE community explicitly expressed the "wish" not to write anything radical into RIPE-501 bis/replacement document - I think Joao did that also publicly at Amsterdam meeting, and we received this suggestion a lot on and off-line. Being said that, we might disregard all "radical" suggestions, such as "remove IPsec completely from the document" unless they are proven non-radical and that community (majority) feels in that way. So, for that suggestion there is much more support needed from community than we can see it now. Supporters for "remove IPsec requirements completely", make yourself heard, otherwise be quiet for the rest of the time :) (we need to get this document out of the door ASAP, many governments (not joking) are waiting for replacement to take it as basis for their national IPv6 profile ;) ) We received many strong suggestions also off-list to go with the flow and follow IETF way - make it all optional for all devices (maybe with this option we could leave it out for mobile devices). Supporters for this option, make yourself heard, otherwise be quiet for the rest of the time :) Security and IPv6 advocate mind tells us to leave IPSec (at least v2) mandatory for all sections (not valid for mobile devices) and IPsec v3 optional. This would make sense from many points of view, but I (personally) cannot make up my mind if this is not too harsh prerequisite for this moment. Again, supporters for this option, make yourself heard, otherwise be quiet for the rest of the time :) Sanders proposal above adds additional section for all devices (minus mobile), so we expand to "Mandatory", "Required" and "Optional". If I may repeat myself, supporters for this option, make yourself heard, otherwise be quiet for the rest of the time :) So, if WG chairs allow, I would propose a "show of hands" and see, how we can proceed. (anyone who express clear support fo one of the options gets a candy at RIPE64 meeting in Ljubljana :) :) :) ) > > I am leaving for vacation now, so I'll eave it up to this WG to > decide what to do with my input :-) Sander Sander, have a good time and rest a bit :) V6 work for this year is done :) Cheers, Jan Zorz
- Previous message (by thread): [ipv6-wg] RIPE-501 replacement document - IPsec question to community - we need your input.
- Next message (by thread): [ipv6-wg] RIPE-501 replacement document - IPsec question to community - we need your input.
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
[ ipv6-wg Archives ]