>>>>> "Vishwas" == Vishwas Manral <[EMAIL PROTECTED]> writes:
Vishwas> We can also solve the problem similarly by something like
Vishwas> BTNS (of course Multicast part needs to be thought further)
Vishwas> which does not necessarily require any certificate
Vishwas> verification - so we may have unauthenticated IKE SA's
Vishwas> but then all keys for the CHILD_SA from there are
Vishwas> automatically generated.

Let me see if I understand this approach correctly. I want to
interact with OSPF. Somehow there is a group key that is in use on my
link. In order to obtain this key, I engage in an unauthenticated
BTNS-style exchange with someone, and as a result of that exchange,
obtain the key?

First, who do I perform this exchange with? Anyone who currently holds the key?

Second, what threats does this protect against?

Finally, one of the things we typically desire from BTNS-style
protocols is a way to turn them into higher-infrastructure protocols when the
infrastructure is available. Can I do that with your approach? How?