> So is it the case then that there would be no change in IPsec policy
> required for doing AAA-based or roaming consortia-based key
> management?

"policy" could mean a lot of things.  

The overall architecture does not require change.  The idea that there
can be more than one way to manage keys is part of it; it's also part
of many implementations.

The policy model will likely need to be extended to add new selectors
(for ICMPv6 type/code) because ND "hides" inside ICMPv6, but that's an
obvious and (based on previous times when it's been brought up in the
ipsec working group) apparently noncontroversial extension akin to the
existing port-based selectors.

                                                - Bill



--------------------------------------------------------------------
IETF IPng Working Group Mailing List
IPng Home Page:                      http://playground.sun.com/ipng
FTP archive:                      ftp://playground.sun.com/pub/ipng
Direct all administrative requests to [EMAIL PROTECTED]
--------------------------------------------------------------------
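
An added illustration of the selector extension discussed in the message above (not code from the message or from any IPsec implementation): a first-match policy lookup where ICMPv6 type/code ranges sit alongside port ranges, compared with a protocol-only policy that cannot tell ND from other ICMPv6. The class names, policy entries and action labels are constructed assumptions; ICMPv6 types 133-137 are the Neighbor Discovery messages.

```python
from dataclasses import dataclass
from typing import Optional, Tuple

ICMPV6, UDP = 58, 17          # IPv6 Next Header values
Range = Optional[Tuple[int, int]]   # inclusive range; None means "any"

@dataclass(frozen=True)
class Packet:
    next_header: int
    dst_port: Optional[int] = None    # set for TCP/UDP only
    icmp_type: Optional[int] = None   # set for ICMPv6 only
    icmp_code: Optional[int] = None

def _in(value: Optional[int], rng: Range) -> bool:
    if rng is None:
        return True
    return value is not None and rng[0] <= value <= rng[1]

@dataclass(frozen=True)
class Selector:
    next_header: int
    dst_ports: Range = None     # existing port-based selector
    icmp_types: Range = None    # the extension: ICMPv6 type ...
    icmp_codes: Range = None    # ... and code

    def matches(self, p: Packet) -> bool:
        return (p.next_header == self.next_header
                and _in(p.dst_port, self.dst_ports)
                and _in(p.icmp_type, self.icmp_types)
                and _in(p.icmp_code, self.icmp_codes))

# Constructed policies; the actions are illustrative, not recommendations.
COARSE = [(Selector(ICMPV6), "BYPASS")]          # protocol-only: ND is hidden
FINE = [
    (Selector(ICMPV6, icmp_types=(133, 137), icmp_codes=(0, 0)), "PROTECT"),
    (Selector(ICMPV6, icmp_types=(128, 129)), "BYPASS"),   # echo request/reply
    (Selector(UDP, dst_ports=(500, 500)), "BYPASS"),       # IKE
    (Selector(ICMPV6), "DISCARD"),                         # all other ICMPv6
]

def lookup(spd, p: Packet) -> str:
    """Return the action of the first matching entry; default is DISCARD."""
    for selector, action in spd:
        if selector.matches(p):
            return action
    return "DISCARD"

NEIGHBOR_SOLICIT = Packet(ICMPV6, icmp_type=135, icmp_code=0)
ECHO_REQUEST = Packet(ICMPV6, icmp_type=128, icmp_code=0)
```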
