RIPE-501 replacement document ready again for another Last Call

After the authors broke the ‘Last Call’ in the RIPE IPv6 Working Group, the final consensus on the replacement of RIPE-501 with a new proposal was not reached. Since then we have done some work on revisions and changes which have been proposed meantime. Finally, the new version of the document draft is crafted and published here as first…

At November RIPE63 meeting in Vienna we were almost at the end of “WG Last Call”, but as twe received some important comments and suggestions from Jari Arkko (IETF Internet Area Director), Jouni Korhonen (DMM IETF WG Chair) and Eric Vyncke (Cisco , IPv6 security guru), we decided to ask IPv6 WG chairs to break the last call in order we could address all this very useful comments and suggestions and make new version even better.

What have we changed? Jouni has made some technical corrections in the “Mobile Nodes” section, which is now called “Mobile Devices” – especially the Mandatory and optional requirements, some of the new RFC documents, and some new 3GPP specifications.

Most of the debate in the community was on IPsec support. A new RFC on IPv6 requirements is that IPsec is now “optional” and not “Mandatory” (RFC 6434). RIPE IPv6 WG consensus was to follow this paper, bu we also added the following instruction about this matter to those who initiate the tenders:

IPsec: Mandatory or Optional

In the original IPv6 Node Requirements (RFC 4294) IPsec was listed as a ‘MUST’ implement to be standards compliant. The updated RFC (RFC 6434) changed IPsec to a ‘SHOULD’ implement. Reasons for the change are stated in this new RFC.

The RIPE IPv6 Working Group has extensively discussed whether to make IPsec support mandatory or optional. The most vocal constituents showed support for moving IPsec to the optional sections which is what is reflected in this document.

Organisations that use IPsec or expect to use it in the future should include the following in the mandatory section when initiating the tender:
• IPsec-v3 [RFC4301, RFC4303, RFC4302] *
• IKE version 2 (IKEv2) [RFC5996 (obsoletes RFC4306), RFC4718] *
• ISAKMP [RFC2407, RFC2408, RFC2409]

The IPsec specification is now “optional”, but if the OSPF-v3 is demanded in router equipment, this becomes Mandatory, as required by RFC4552 – our specification requires clearly says: “If OSPF-v3 is Requested, the equipment Must comply with” Authentication / Confidentiality for OSPF-v3 [RFC4552]”

New, 7th version of the proposal replacement for RIPE-501is online, see also

Jan Žorž, Go6

Vaš IP naslov (ali ste na IPv6 ?):

No comments yet. Be the first.

Leave a reply