Jari, > Something like 802.1x EAP with an appropriate EAP submethod that generates > session keys could be used here. Then you would get per-host session keys, > and presumably all announcements coming from the router would have to be > duplicated for all receivers, and there'd be no host-host communication. Perhaps > that might be good in enough in some cases.
Actually, 802.1x also gives the host a multicast/broadcast key. alper > > Alternatively, AAA might give you the overall key for the network. In that > case there'd be no limitations mentioned above, but you could spoof yourself > as the router or the other hosts. Not sure there's increase in security > compared to where we started, if unsuccessful network access authentication > throws you out of the link. > > Jari > > -------------------------------------------------------------------- > IETF IPng Working Group Mailing List > IPng Home Page: http://playground.sun.com/ipng > FTP archive: ftp://playground.sun.com/pub/ipng > Direct all administrative requests to [EMAIL PROTECTED] > -------------------------------------------------------------------- > -------------------------------------------------------------------- IETF IPng Working Group Mailing List IPng Home Page: http://playground.sun.com/ipng FTP archive: ftp://playground.sun.com/pub/ipng Direct all administrative requests to [EMAIL PROTECTED] --------------------------------------------------------------------
