Subject: Re: IPv6 Router Renumbering
To: Feico Dillema <feico@dillema.net>
From: None <itojun@iijlab.net>
List: current-users
Date: 07/18/2000 06:20:34
>> again, it is next to impossible to configure it in secure manner,
>> due to ipsec configuration twist (multicast ipsec is almost
>> impractical, site-local IPv6 routing is also impractical, router
>> renumbering requires BOTH!). i just do not feel like putting it
>> into the tree.
>Ah, I didn't know (remember) that it depended on site-local routing.
>That sounds bad to me too; there isn't much consensus on the
>site-local routing issue in the IETF groups yet, or is there?
not very much.
>Why is multicast ipsec impractical (never looked at it, so am
>ignorant on it). Is it a configuration nightmare (is it fundamentally
>different than for unicast IPSEC?), or is it impractical
>from a security perspective (one compromised router, compromises all
>kinda thing?).
it is (1) a key distribution issue (no automated key distribution
mechanism), (2) a support issue (not many routers do IPv6 IPsec - yet),
and finally (3) ipsec-over-multicast itself is not documented well
(if at all).
due to the key distribution issue, you'd need to configure ipsec manual
keys into all routers.
>Wouldn't it be feasible to have a renumbering protocol
>based on global-address unicast only? It may be a bit less functional,
>but more practical and I'd think sufficient for *re*-numbering
>(instead of also for bootstrap auto-configuration).
please speak up in ipngwg, i did not define it :-)
if we use global unicast,
(1) outsiders can transmit router renumbering command messages to you
(2) during the renumbering process, you will remove the global address
from ISP A and add one from ISP B. if you remove A first,
you will be hosed (and it is possible to do)
(3) how can we maintain a list of router addresses?
itojun
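The two practical problems itojun raises above (manual IPsec keys on every router, and the ordering hazard when the old ISP's prefix is removed before the new one is added) can be made concrete with a small model. The script below is an added example written for this page, not code from the thread, KAME or NetBSD. It assumes KAME setkey(8) manual-keying syntax (`add ... esp ... -E 3des-cbc ... -A hmac-sha1 ...;` and `spdadd ... -P out ipsec esp/transport//require;`), uses addresses constructed from the 2001:db8::/32 documentation prefix, and generates one setkey(8) fragment per router for a full mesh so the number of keys that have to be installed by hand is visible.

```python
"""Model of the two operational problems discussed in the thread:
(a) manual IPsec keying of a full mesh of routers, emitted as KAME
    setkey(8) fragments, and
(b) the renumbering-order hazard (remove old prefix first => no global
    address for a while).
Added example; addresses and keys are constructed, not from the thread."""
from itertools import combinations
import secrets


def pairwise_sas(routers, spi_base=0x200, keymat=None):
    """One ESP SA per ordered router pair (two per unordered pair), each
    with its own SPI, 3DES key (24 bytes) and HMAC-SHA1 key (20 bytes).
    keymat is an injectable source of random bytes so tests can be
    deterministic; production use keeps the secrets.token_bytes default."""
    rnd = keymat or secrets.token_bytes
    sas, spi = [], spi_base
    for a, b in combinations(routers, 2):
        for src, dst in ((a, b), (b, a)):
            sas.append({"src": src, "dst": dst, "spi": spi,
                        "enc": rnd(24).hex(), "auth": rnd(20).hex()})
            spi += 1
    return sas


def config_for(router, sas):
    """setkey(8) lines for one router: the SAD entries it is an endpoint
    of, plus an SPD rule requiring ESP transport mode in each direction.
    Every router in the mesh needs its own copy of this, installed by hand."""
    lines = ["flush;", "spdflush;"]
    for sa in sas:
        if router not in (sa["src"], sa["dst"]):
            continue
        lines.append(f"add {sa['src']} {sa['dst']} esp 0x{sa['spi']:x} "
                     f"-E 3des-cbc 0x{sa['enc']} -A hmac-sha1 0x{sa['auth']};")
        direction = "out" if sa["src"] == router else "in"
        lines.append(f"spdadd {sa['src']} {sa['dst']} any -P {direction} "
                     "ipsec esp/transport//require;")
    return lines


def key_installations(n_routers):
    """Number of individual key values an operator has to type for a full
    mesh: n(n-1) directional SAs, two keys each, installed on both ends."""
    return n_routers * (n_routers - 1) * 2 * 2


def renumber(global_addrs, old_prefix, new_prefix, remove_old_first):
    """Walk the renumbering steps and return the global-address set after
    each step, so the caller can see whether the router was ever left
    with no global address (itojun's 'remove A first and you are hosed')."""
    old = {a for a in global_addrs if a.startswith(old_prefix)}
    new = {new_prefix + a[len(old_prefix):] for a in old}
    steps = ([("remove", old), ("add", new)] if remove_old_first
             else [("add", new), ("remove", old)])
    state = set(global_addrs)
    history = [frozenset(state)]
    for op, addrs in steps:
        state = state - addrs if op == "remove" else state | addrs
        history.append(frozenset(state))
    return history


def loses_reachability(history):
    """True if any intermediate state has no global address at all."""
    return any(len(s) == 0 for s in history)


if __name__ == "__main__":
    routers = ["2001:db8::1", "2001:db8::2", "2001:db8::3"]  # constructed
    sas = pairwise_sas(routers)
    for r in routers:
        print(f"# --- setkey fragment for {r} ---")
        print("\n".join(config_for(r, sas)))
    print("# manual key values for 3 routers:", key_installations(3))
    print("# manual key values for 20 routers:", key_installations(20))
    bad = renumber(["2001:db8:a::1"], "2001:db8:a:", "2001:db8:b:", True)
    good = renumber(["2001:db8:a::1"], "2001:db8:a:", "2001:db8:b:", False)
    print("# remove-first loses reachability:", loses_reachability(bad))
    print("# add-first loses reachability:", loses_reachability(good))
```

Running it prints three setkey(8) fragments for the constructed three-router mesh and the key-installation counts; the `renumber` walk shows that only the add-new-then-remove-old order keeps a global address on the router at every step, which is the ordering the renumbering protocol would have to guarantee.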