James Kempf wrote:
>>As far as the user is concerned, this would be no different from
>>configuring the "password" to the WLAN card of each host that wants to
>>participate. Only, with IPSEC the crypto would be much stronger.
>
> We could leverage the roaming consortium or L2 AAA for this perhaps?
> Getting the user involved is not such a good option, as this has nothing
> at all to do with anything the user might be concerned about.

Something like 802.1x EAP with an appropriate EAP submethod that
generates session keys could be used here. Then you would get per-host
session keys, and presumably all announcements coming from the router
would have to be duplicated for all receivers, and there'd be no
host-host communication. Perhaps that might be good enough in some
cases.

Alternatively, AAA might give you the overall key for the network. In
that case there'd be no limitations mentioned above, but you could spoof
yourself as the router or the other hosts. Not sure there's an increase
in security compared to where we started, if unsuccessful network access
authentication throws you out of the link.

Jari

--------------------------------------------------------------------
IETF IPng Working Group Mailing List
IPng Home Page: http://playground.sun.com/ipng
FTP archive: ftp://playground.sun.com/pub/ipng
Direct all administrative requests to [EMAIL PROTECTED]
--------------------------------------------------------------------
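The trade-off described in the message above, as an added example that is not part of the original post: a Python model of authenticated router announcements under per-host session keys versus one network-wide key. HMAC-SHA256 stands in for whatever integrity protection the link would use; host names, prefixes and the message layout are constructed assumptions.

```python
import hashlib
import hmac
import os

HOSTS = ["hostA", "hostB", "hostC"]        # constructed host names
RA = b"prefix=2001:db8:1::/64"             # constructed router announcement
BOGUS_RA = b"prefix=2001:db8:bad::/64"     # constructed spoofed announcement


def tag(key: bytes, sender: str, payload: bytes) -> bytes:
    """MAC over the claimed sender and the payload."""
    return hmac.new(key, sender.encode() + b"|" + payload, hashlib.sha256).digest()


def verify(key: bytes, sender: str, payload: bytes, mac: bytes) -> bool:
    return hmac.compare_digest(tag(key, sender, payload), mac)


def per_host_keys():
    """Each host shares its own session key with the router (the EAP-style case)."""
    keys = {h: os.urandom(32) for h in HOSTS}
    # The router must protect one copy of the announcement per receiver.
    copies = {h: tag(keys[h], "router", RA) for h in HOSTS}
    delivered = all(verify(keys[h], "router", RA, copies[h]) for h in HOSTS)
    # hostA holds only its own key, so a MAC it computes does not verify at
    # hostB. For the same reason the hosts have no key for host-to-host traffic.
    forged = tag(keys["hostA"], "router", BOGUS_RA)
    spoof_accepted = verify(keys["hostB"], "router", BOGUS_RA, forged)
    return len(copies), delivered, spoof_accepted


def shared_network_key():
    """AAA hands every admitted host the same overall key."""
    group_key = os.urandom(32)
    mac = tag(group_key, "router", RA)     # one multicast copy serves everyone
    delivered = all(verify(group_key, "router", RA, mac) for _ in HOSTS)
    # Any key holder can compute a MAC that claims "router" as the sender,
    # so the MAC proves link membership, not which member sent the message.
    forged = tag(group_key, "router", BOGUS_RA)
    spoof_accepted = verify(group_key, "router", BOGUS_RA, forged)
    return 1, delivered, spoof_accepted


if __name__ == "__main__":
    print("per-host keys (copies, delivered, spoof accepted):", per_host_keys())
    print("shared key    (copies, delivered, spoof accepted):", shared_network_key())
```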
