This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/ipv6-wg@ripe.net/
[ipv6-wg] RIPE-501 and IPSEC on CPEs
- Previous message (by thread): [ipv6-wg] RIPE-501 and IPSEC on CPEs
- Next message (by thread): [ipv6-wg] RIPE-501 and IPSEC on CPEs
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Merike Kaeo
merike at doubleshotsecurity.com
Tue Jul 26 19:24:42 CEST 2011
On Jul 26, 2011, at 9:04 AM, Jan Zorz @ go6.si wrote: > On 7/26/11 3:44 PM, Ole Troan wrote: >>>> My suggestion would be to add (in addition to RFC6204 in >>>> mandatory): >>>> >>>> "If this specification is used for business class CPE, then >>>> IPsec-v2 [RFC2401, RFC2406, RFC2402], IKE version 2 (IKEv2) >>>> [RFC4306, RFC4718] and ISAKMP [RFC2407, RFC2408, RFC2409] must be >>>> supported in addition to RFC6204 requirements" >>> >>> Any opinions from the WG on this? Otherwise I would add this to the >>> spec. >>> >>> Ole? >> >> on the fence, but if I had to fall down on one side I think its OK. >> perhaps a should? it really depends on the deployment. not all >> business deployments require VPNs. which presume is what is the >> underlaying reason for requiring this? > > Ole, thnx for kicking in... > > So, did you mean something like this in Optional section: > > "If this specification is used for business class CPE, then it is highly recommended, that IPsec-v2 [RFC2401, RFC2406, RFC2402], IKE version 2 (IKEv2) [RFC4306, RFC4718] and ISAKMP [RFC2407, RFC2408, RFC2409] are unconditionally required in addition to RFC6204 requirements" > > Would that work? > > What others think? The document lists mandatory and optional requirements. I think we should stick to this model. I like this new wording for the optional section here since it does stipulate that IPsec is strongly recommended but does not mandate it. - merike
- Previous message (by thread): [ipv6-wg] RIPE-501 and IPSEC on CPEs
- Next message (by thread): [ipv6-wg] RIPE-501 and IPSEC on CPEs
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
[ ipv6-wg Archives ]