Hi Stephen,
I haven't read the protocol yet (although I must say Sec. 4.3 worries
me, it reminds me of the renegotiation vulnerability), but:
- I understand MPLS traffic is often protected at a higher layer by
IPsec. If we had a good opportunistic solution for IKE/IPsec, it could
also cover this use case. And we know people are working on such
solutions. [Here, that's me and my little turf war].
- But even at layer 2, there are existing solutions like WPA or MacSec.
Can none of them be used (or extended) for this use case and do we
really have to develop both the bulk encryption and key exchange from
scratch? Sorry to be such a spoilsport.
Thanks,
Yaron
_______________________________________________
perpass mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/perpass
