A couple of late comments: - for host: I am not sure whether IKE/IPsec should be mandatory, this is not always the case NOW and the IETF intends to move this requirement to SHOULD rather than MUST - for host: I would add 'support ingress traffic filters if ingress traffic filters exist for IPv4' - consumer grade switches: AFAIK, those cheap switches do not support IGMP snooping, so, why mandating MLD snooping? - router and RFC 4213, only the dual-stack part should be supported (as none of us (?) loves tunnels), then the point after (IPsec for tunnels) becomes irrelevant as well as RFC 2473 - router: I would regroup MLD related in one line RFC 4541 (only when switching is implemented as it has no sense for a pure layer-3) and RFC 3810 - router: do we want to have privacy extension for routers as well? Even as an option? - router: I would move the /127 to the mandatory part - router: can we mandate the uRPF function (anti-spoofing?) - firewall & co: I would not mandate (optional is ok of course) to inspect protocol-41 packets for tunnels (because what about teredo? Or any other covert channels) - firewall & co: support of RFC 4213 should be mandatory for the dual-stack part, I cannot imagine having a firewall doing encapsulation (option ok of course) - firewall: mandatory stateful inspection of application traffic transported above IPv6 is the same application is inspected over IPv4 - load balancers: I would put perhaps a gradation in the different 4-6 6-4 load-balancing - load balancers: I fail to see why ISAKMP should be mandatory esp. when IPsec is optional :-) Hope this helps even if a little late... -éric
-----Original Message----- From: ipv6-wg-bounces@ripe.net [mailto:ipv6-wg-bounces@ripe.net] On Behalf Of Marco Hogewoning Sent: jeudi 13 octobre 2011 11:16 To: ipv6-wg@ripe.net Subject: [ipv6-wg] Last call on the replacement of ripe-501 "Requirementsfor IPv6 in ICT equipment"
Dear colleagues,
Following up on feedback received from the community during and after the publication of the ripe-501. The authors have worked on a replacement document, incorporating suggestions made by the community and clarifying some of the requirements. Prior draft versions of this document have been posted to this mailing list in the past months.
The resulting final draft document is now published on the website and reachable via https://www.ripe.net/ripe/docs/other-documents/requirements- for-ipv6-in-ict-equipment
We would like the community to review this document. Although this is not a formal policy proposal, we would like to issue a 4 week working group last call on this draft before publication.
Minor changes like typos or formatting can be sent to the authors or to me directly. Please raise any questions or comments on the content to this list. Unless blocking issues are found on this text, it is our intent to publish this draft as a RIPE Document and to change the status of the current document ripe-501 to obsolete, with a reference to the new document.
The authors will also present on this draft during the IPv6 working group session at the Vienna meeting.
Please send any comments before Thursday November 10 2011, which is 4 weeks from now.
Regards,
Marco Hogewoning on behalf of the IPv6 Working Group chairs