>
> > Maybe I'm showing my ignorance here, but how does the host install
> > this SA without doing ND? Use the multicast SA to bootstrap?
>
> The "special ND key manager" generates the keys and installs the SAs
> directly. It does not communicate with other hosts at all. Of course,
> the key generation algorithm and SPI assignment logic must be the same
> on each host (this is what would need an RFC to get an agreement).
>
> As far as the user is concerned, this would be no different from
> configuring the "password" to the WLAN card of each host that wants to
> participate. Only, with IPSEC the crypto would be much stronger.
>

We could leverage the roaming consortium or L2 AAA for this perhaps?
Getting the user involved is not such a good option, as this has nothing
at all to do with anything the user might be concerned about.

            jak


--------------------------------------------------------------------
IETF IPng Working Group Mailing List
IPng Home Page:                      http://playground.sun.com/ipng
FTP archive:                      ftp://playground.sun.com/pub/ipng
Direct all administrative requests to [EMAIL PROTECTED]
--------------------------------------------------------------------
