Pekka Savola wrote:
> Are there any non-encumbered technologies to Secure ND? IP Security, for one. The current IPsec can be used, though it's pretty cumbersome due to (a) large number of similar SAs needed for manual keying due to destination address being a part of SA lookup and (b) chicken-and-egg problem for IKE. The problem (a) could be solved, and the result would be a more easily usable IPsec for securing large private networks. For public networks manual keying does not scale, however. Perhaps something can be done for (b). For instance, one possible, even if ugly, solution is to provide an ND-level message to carry IKE-like traffic between the ND peers until an IPsec SA can be established. Contributions on this space are sought -- feel free to jump in here ;-) Then there are ABK and CGA-based techniques. Anyway, I'm not sure we at this point have all the solutions. If we agree the issue is a problem, the group will figure out the possible solutions and their pros and cons. (IPRs are likely to be taken in account.) Jari -------------------------------------------------------------------- IETF IPng Working Group Mailing List IPng Home Page: http://playground.sun.com/ipng FTP archive: ftp://playground.sun.com/pub/ipng Direct all administrative requests to [EMAIL PROTECTED] --------------------------------------------------------------------
