On 04/22/2010 01:09 PM, Henning Rogge wrote:
Am Donnerstag 22 April 2010 20:47:24 schrieb Dave Taht:
I concur about secure BGP's limitations. It's what I meant by "halfway
decent". As for OSPFv3 + IPsec + IPv6, it's actually, well, not
horrible. I had never heard of anyone getting it to work before today,
actually.
IPv6 and IPsec should be "fun"... IPsec, IPv6 and multicast is 'the holy
grail' (does not work on linux according to my knowlegde).
I achieved 2/3s of that holy grail 2 years ago, on an olpc and several
ubuntu. See:
http://the-edge.blogspot.com/2008/03/ipsec-over-ipv6-for-olpc.html
Unfortunately I never wrote down precisely what I did.
I've been fiddling with multicast ever since...
The problem is that securing a routing protocol you need to authenticate the
propagation of the topology/distance information through the whole net. IPsec
cannot really do this.
Yes, I agree ipsec can't do this, or at least, only a part, which is
more or less why I tried to point people at uftp and ntp4's autokey in
my first message on this topic.
Henning
_______________________________________________
Babel-users mailing list
[email protected]
http://lists.alioth.debian.org/mailman/listinfo/babel-users
