On 7/21/11 12:28 PM, Ahmed Abu-Abed wrote:
I believe implementing line rate IPSEC on a CPE requires silicon that accelerates the crypto algorithms, and this may be a good feature but is outside the budget of most consumers who don't need much beyond SSL/TLS embedded in their HTTP client.
So making IPSEC optional is more practical to LIRs needing low cost CPE solutions.
And to answer the question below, I know one low cost IPv6 CPE vendor on RIPE's CPE Survey who doesn't support IPSEC, but haven't checked them all. Hmm, how to promote ipsec and security and not discriminate too many devices at same time?
Should we move IPSEC and all that security stuff under mandatory and pre-pend it with "If ipsec (or whatever fits) is requested, then ...... is required. Would that work? Cheers, Jan