[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

IPSP VS IPngSP




One of the things this group is chartered to do is to develop an IPv4
security protocol.  Recently, the IPng groups seem to be taking more
and more of an interest in lower layer security services.  Their
interest has even resulted in Internet Drafts that propose security
solutions independant to what is being developed within the IPSEC
Working Group.  It seems to me that this lack of coordination needs to
be addressed as soon as possible.  If it is not addressed soon, and we
end up with seperate and distinct security protocols for IPv4 and the
various IPng protocols, the result will be at the very least
undesirable, and more than likely, costly, confusing, and lead to a
much more difficult coordination effort down the road.

I am not proposing that this group start dedicating its scarce
resources into finding out what is going on in the IPng world.  I am
suggesting that the IPng groups might be best pointing to the work
being done by the IPSEC group for their lower layer security concerns
and that this group keep in mind that this will be the case.   The IPng
liasons should also continue to actively participate in this group,
this kind of synergy is good for all concerned.  I am further proposing
that *when* the IPSEC I-D is written, that the IPng groups be solicited
to provide additional text (in whatever is deemed an appropriate form)
that shows what (hopefully minor) modifications are needed to the IPSP
protocol so that it can provide its security services for the IPng
protocols as well as IPv4.

Rob G.
glenn@osi.ncsl.nist.gov