> It seems to me that the important point is that a host needs > to assert something about the strength of security it requires.
Yes, but other ways to assert security properties between unrelated nodes in the Internet require a global PKI. If we had a global PKI today or were rather certain we'll have one in 10 years I think we can stop this discussion. > This is a property of a host, not a property of an address. > I become more and more convinced that asserting this property > via an address bit is both unnecessary (it can be done by > a header field that is equally subject to authentication) > and undesirable (overloading). I don't understand the authentication comment. *If* there was a global PKI so that IPsec could be used for these packets then the information could go in other parts of the packet. Without it the address (i.e. the "identity" from the perspective of modifying routing in MIPv6, neighbor discovery, and anycast) seems to be only place. What am I missing? Erik -------------------------------------------------------------------- IETF IPng Working Group Mailing List IPng Home Page: http://playground.sun.com/ipng FTP archive: ftp://playground.sun.com/pub/ipng Direct all administrative requests to [EMAIL PROTECTED] --------------------------------------------------------------------
