Markku Savela wrote:
> One could consider a special "helper" application/daemon, which would
> input from user (configuration) single manual key, and then would
> generate and install the necessary from SA's for the ND protection (I
> suspect this "daemon" would need to be constantly running, as SA's may
> be needed dynamically.

and then:

> Securing ND with existing IPSEC (kernel) only needs to agree on
> specific SPI to use and, assuming a special key management daemon,
> which would do the following tasks

True. (Both were listed a long time ago in Section 8 of [1] as one
of the alternatives... I tried to do something about the issue at the
IPsec WG but there weren't too many interested parties, maybe v6 wasn't
interesting at that time, or something.)

But as Erik pointed out the symmetric crypto may not be sufficient.

Jari

----
[1] http://www.piuha.net/~jarkko/publications/draft-arkko-manual-icmpv6-sas-00.txt

--------------------------------------------------------------------
IETF IPng Working Group Mailing List
IPng Home Page: http://playground.sun.com/ipng
FTP archive: ftp://playground.sun.com/pub/ipng
Direct all administrative requests to [EMAIL PROTECTED]
--------------------------------------------------------------------
