On Oct 28, 2011, at 9:01 AM, Ulliott, Chris wrote: > So the assumption I've always had is that a spoke knows two things: > > 1) a method to identify the next cryptographic hop > 2) a method to determine if it's allowed to talk to a specific cryptographic > hop once identified. > > The second point could be solved through PKI and policy (although we need a > standard way to apply this) and the first could be solved through numerous > methods... the challenge is to find a standard way for all vendors are > willing to implement :-)
The first point needs to be a bit more specific: "a method to identify the next cryptographic hop towards a particular address range". --Paul Hoffman _______________________________________________ IPsec mailing list [email protected] https://www.ietf.org/mailman/listinfo/ipsec
