[ipv6-wg] RIPE-501 and IPSEC on CPEs

On Jul 26, 2011, at 9:04 AM, Jan Zorz @ go6.si wrote:

> On 7/26/11 3:44 PM, Ole Troan wrote:
>>>> My suggestion would be to add (in addition to RFC6204 in
>>>> mandatory):
>>>> 
>>>> "If this specification is used for business class CPE, then
>>>> IPsec-v2 [RFC2401, RFC2406, RFC2402], IKE version 2 (IKEv2)
>>>> [RFC4306, RFC4718] and ISAKMP [RFC2407, RFC2408, RFC2409] must be
>>>> supported in addition to RFC6204 requirements"
>>> 
>>> Any opinions from the WG on this? Otherwise I would add this to the
>>> spec.
>>> 
>>> Ole?
>> 
>> on the fence, but if I had to fall down on one side I think its OK.
>> perhaps a should? it really depends on the deployment. not all
>> business deployments require VPNs. which presume is what is the
>> underlaying reason for requiring this?
> 
> Ole, thnx for kicking in...
> 
> So, did you mean something like this in Optional section:
> 
> "If this specification is used for business class CPE, then it is highly recommended, that IPsec-v2 [RFC2401, RFC2406, RFC2402], IKE version 2 (IKEv2) [RFC4306, RFC4718] and ISAKMP [RFC2407, RFC2408, RFC2409] are unconditionally required in addition to RFC6204 requirements"
> 
> Would that work?
> 
> What others think?

The document lists mandatory and optional requirements.  I think we should stick to this model.  I like this new wording for the optional section here since it does stipulate that IPsec is strongly recommended but does not mandate it.   

- merike