27 Dec
2011
27 Dec
'11
5:44 p.m.
Hi, On Dec 27, 2011, at 8:08 am, Merike Kaeo wrote:
On Dec 27, 2011, at 7:43 AM, Eric Vyncke (evyncke) wrote:
I think that we should keep IPsec/IKEv2 only for firewall and mention to any place where OSPFv3 is mentioned that the support of AH is required.
Is there an RFC that now states that IPsec AH for OSPFv3 is a 'MUST' or 'SHOULD' and not a 'MAY'? Last I recall the specifics for how to implement IPsec for OSPFv3 are in RFC4552 and states that ESP is a 'MUST' and AH is a 'MAY'.
There is an unverified errata report that reverses those key words: http://www.rfc-editor.org/errata_search.php?rfc=4552 It'll be interesting to see if its status is ever changed to verified. Regards, Leo