Stefann, You're right. I remember hearing rumblings of vendors requesting this change, mostly because embedded processors of the time had difficulty performing well with IPv6. I see that in 2011 rfc6434 lowered IPSec from "must" to "should". Nevertheless, plenty of products produced before 2011 included IPSec and the vast majority of IPv6-capable nodes on the Internet have it today. Performance is no longer an issue. -mel beckman
On Oct 4, 2015, at 8:58 AM, Sander Steffann <sander@steffann.nl> wrote:
Hi,
Op 4 okt. 2015, om 16:52 heeft Mel Beckman <mel@beckman.org> het volgende geschreven:
If it doesn't support IPSec, it's not really IPv6. Just as if it failed to support any other mandatory IPv6 specification, such as RA.
I think you're still looking at an old version of the IPv6 Node Requirements. Check https://tools.ietf.org/html/rfc6434#section-11, specifically this bit:
""" Previously, IPv6 mandated implementation of IPsec and recommended the key management approach of IKE. This document updates that recommendation by making support of the IPsec Architecture a SHOULD for all IPv6 nodes. """
This was published in December 2011.
Cheers, Sander