Jim Flowers wrote:
> Another thing I discovered, to my cost, is that CDP to set up tunnels between
> networks can be a problem unless you first put the far-end skiphost into the
> tunnel. This can be done quite easily by swapping "skiplocal export"
> scripts via some secure means.
It doesn't have to be secure in the sense of secret -- just that you
are protected against spoofing. The MKID, which is the MD5 hash of
the *public* DH value, isn't secret -- you can even email these without
encryption as long as the message is signed. Or, even more low tech,
you can call me on the phone to verify...