Hi, Jan, On 12/23/2011 05:45 AM, Jan Zorz @ go6.si wrote:
The change was largely due to limitations found in low power devices and therefore we still feel the community is best served by requiring mandatory IPsec support in all other devices (hosts, routers or layer-3 switches, network security devices, load balancers)
While I have not followed the discussion that lead to MUST -> SHOULD in RFC6434 closely, I should say that it is well understood that the previous requirement of "MUST" was mostly "words on paper". Question: Does "requiring IPsec support in all other devices" mean "complying with RFC 4301"? If that's the case, you're also requiring those devices to support IKEv2. If that's intentional, I think you should make it explicit... Thanks, and Merry Christmas! Best regards, -- Fernando Gont SI6 Networks e-mail: fgont@si6networks.com PGP Fingerprint: 6666 31C6 D484 63B2 8FB1 E3C4 AE25 0D55 1D4E 7492