<t...@cs.fau.de> wrote:
    > But also remember that the original spirit of  rfc4301 (i hope i state 
this correctly)
    > is not that of "tunneling", but rather of authenticating/encrypting 
packets. This
    > is reflected in the SPD that allows you to specify some subsets of 
packets to
    > which you apply this security. So address resolution itself would in most 
    > implementations (at least the ones i know) still see the underlying type 
of interface
    > and use its address resolution method and formats (eg: Ethernete,
    > ARP/ND,

It's a great thought, but it's not implemented for reasons that wind up
devolving into "we don't have a global PKI", (with a bunch of "the customer
didn't ask for that" in the middle)

    > There could still be some RFC specifying how to build a virtual
    > "pseudo-multicast" enabled "NBMA" subnet using a bunch of underlying
    > p2p subinterfaces and how to ND in that case. So maybe i should ask on
    > 6man.

RFC6550 is such a specification.

Michael Richardson <mcr+i...@sandelman.ca>, Sandelman Software Works
 -= IPv6 IoT consulting =-

Attachment: signature.asc
Description: PGP signature

IPsec mailing list

Reply via email to