> Maybe I'm showing my ignorance here, but how does the host install this > SA without doing ND? Use the multicast SA to bootstrap?
The "special ND key manager" generates the keys and installs the SA's directly. It does not communicate with other hosts at all. Of course, the key generation algorithm and SPI assignment logic must be the same on each host (this is what would need and RFC to get an agreement). As far as user is concerned, this would be no different than from configuring the "password" to the WLAN card of each host that wants to participate. Only, with IPSEC the crypto would be much stronger. -------------------------------------------------------------------- IETF IPng Working Group Mailing List IPng Home Page: http://playground.sun.com/ipng FTP archive: ftp://playground.sun.com/pub/ipng Direct all administrative requests to [EMAIL PROTECTED] --------------------------------------------------------------------
