> - inputs "lan key from as configuration". All generated SA's use this
>   (or something derived from it deterministically)

Dan McDonald did a presentation in IPNG on such a scheme a few years back. I don't recall if there ever was an internet-draft.

This is using all symmetric crypto, right? This means that if you allow a host on the network and let it authenticate the router advertisements, it has the secret necessary to pretend to be a router itself, i.e. can redirect traffic arbitrarily.

While that *might* be reasonable for e.g. a corporate LAN I don't think it is sufficient for a public access LAN. Inherently there seems to be a need to authenticate authorized routers without being able to pretend to be one. Thus different keying material must be used by the sender and receiver.

  Erik

--------------------------------------------------------------------
IETF IPng Working Group Mailing List
IPng Home Page: http://playground.sun.com/ipng
FTP archive: ftp://playground.sun.com/pub/ipng
Direct all administrative requests to [EMAIL PROTECTED]
--------------------------------------------------------------------
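
The point made in the message above, as an added Go illustration (not code from the list, the presentation, or any draft): with a LAN-wide symmetric key, the ability to verify a router advertisement is the same as the ability to generate one, whereas with a signature hosts hold only verification material. The advertisement strings, function names, and the choice of HMAC-SHA256 and Ed25519 are assumptions made for the example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// Constructed stand-ins for advertisement bodies; not a real ICMPv6 encoding.
var (
	genuineRA = []byte("RA prefix=2001:db8:1::/64 lifetime=1800")
	alteredRA = []byte("RA prefix=2001:db8:2::/64 lifetime=1800")
)

// macTag computes the tag every holder of the LAN-wide key can compute.
func macTag(lanKey, msg []byte) []byte {
	m := hmac.New(sha256.New, lanKey)
	m.Write(msg)
	return m.Sum(nil)
}

// SharedKeyHostCanForge: a host given the LAN key only so it can verify
// advertisements can also mint one that its neighbours accept.
func SharedKeyHostCanForge() bool {
	lanKey := make([]byte, 32)
	if _, err := rand.Read(lanKey); err != nil {
		panic(err)
	}
	tagFromHost := macTag(lanKey, alteredRA)                  // made by a host, not the router
	return hmac.Equal(macTag(lanKey, alteredRA), tagFromHost) // neighbour's check
}

// SignedRA: hosts hold only the router's public key. Returns whether the genuine
// advertisement verifies, and whether altered content with the same signature does.
func SignedRA() (genuineOK, alteredOK bool) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	sig := ed25519.Sign(priv, genuineRA) // priv never leaves the router
	return ed25519.Verify(pub, genuineRA, sig), ed25519.Verify(pub, alteredRA, sig)
}

func main() {
	g, a := SignedRA()
	fmt.Println(SharedKeyHostCanForge(), g, a) // true true false
}
```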
