>>If somebody wants to build a network where anybody can walk up and connect >>yet want to limit the damage one "visitor" can do to another, it seems >>like assuming pre-configured IPsec SAs for the multicast addresses used >>by Neighbor Discovery is a non-starter.
I completely argree. You may also want to have a look at my Cambridge Security Protocols Workshop 2001 paper. Pekka Nikander, "Denial-of-Service, Address Ownership, and Early Authentication in the IPv6 World,", presented at Cambridge Security Protocols Workshop 2001, April 25-27, 2001, Cambridge University. To be published in the workshop proceedings at the LNCS series. http://www.tml.hut.fi/~pnr/publications/cam2001.pdf --Pekka -------------------------------------------------------------------- IETF IPng Working Group Mailing List IPng Home Page: http://playground.sun.com/ipng FTP archive: ftp://playground.sun.com/pub/ipng Direct all administrative requests to [EMAIL PROTECTED] --------------------------------------------------------------------
