Hi,
Yes. Even if we could achieve agreement on a subset of devices where it's supposed to make sense, "IPsec" is really a catchphrase for a set of related protocols, so anyone who actually needs some of it needs to ask for it explicitly anyway.
My experience differs. I have a bunch of site-to-site VPNs on IPSEC, partially to not very large sites, and most enterprisey routers I've met can do an IPSEC tunnel just fine.
How many sizeable enterprises or government entities do you know that really reside in just one building or even campus? The requirement to be able to connect a satellite office to headquarters is not really esoteric.
I agree. We are writing a template for tender initiators for enterprises. I think we should state that IPSec is mandatory, because enterprises should have the possibility to set up IPSec site-to-site tunnels as a minimum. I think we should write it in such a way that enterprises require IPSec support when writing a request for tender, unless they consciously decide that they don't need it. So I think we should put IPSec in the 'required' section. If an enterprise knows it will not need it then they can move it to 'optional' themselves. RIPE-501 and its successor are templates to be used and adapted as necessary. We should provide a sane default, and they might (will probably?) need IPSec at some point in time.
I am leaving for vacation now, so I'll leave it up to this WG to decide what to do with my input :-)
Sander