Bill, I agree see my response to James I just sent. Just wanted to flush our IPsec protocol vs Keying which I think we just did.
thanks /jim > -----Original Message----- > From: Bill Sommerfeld [mailto:[EMAIL PROTECTED]] > Sent: Thursday, June 13, 2002 3:16 PM > To: Bound, Jim > Cc: James Kempf; [EMAIL PROTECTED] > Subject: Re: Securing Neighbor Discovery BOF > > > > What problem are you trying to solve? > > securing neighbor discovery exchanges. > > > IPsec works for ND? > > Using AH/ESP to protect ND works fine once the SA's exist. > > However, there's a chicken & egg problem if you want to use IKE, and > manually configuring N*(N-1) SA's across N machines on the link is not > deployable. > > So if you want to use IPsec to protect ND, you need to solve the key > management problem for ND. > > - Bill > -------------------------------------------------------------------- IETF IPng Working Group Mailing List IPng Home Page: http://playground.sun.com/ipng FTP archive: ftp://playground.sun.com/pub/ipng Direct all administrative requests to [EMAIL PROTECTED] --------------------------------------------------------------------
