Hi Steve,
> >Key distribution could be done via Layer 2 AAA or using the roaming
> >consortia idea we had in the ABK draft. However, I think that might
> >require some change in IPsec policy, because I believe the policy
only
> >allows IKE or manual keying for key distribution.
>
> That's not correct. In fact, there's another working group, KINK,
> whose goal is Kerberos key management for IPsec.
>
Thanx for the correction.
So is it the case then that there would be no change in IPsec policy
required for doing AAA-based or roaming consortia-based key management?
Is so, then perhaps this problem is fairly straightforward to solve.
jak
--------------------------------------------------------------------
IETF IPng Working Group Mailing List
IPng Home Page: http://playground.sun.com/ipng
FTP archive: ftp://playground.sun.com/pub/ipng
Direct all administrative requests to [EMAIL PROTECTED]
--------------------------------------------------------------------
