On Sun, Jun 06, 2010 at 12:47:36AM +0200, Joerg Sonnenberger wrote: > On Sat, Jun 05, 2010 at 05:57:55PM -0400, Thor Lancelot Simon wrote: > > IPKDB used a custom MD5-based packet hash for "security". I actually > > think it would probably be very easy to support a single IPsec ESP > > security association instead. The hair with IPsec is all with key > > negotiation. Don't bother, and don't do some things like replay > > protection, and ESP is a very simple, compact little shim layer on IP. > > If you want to secure the link, having a fixed AES key and including a > SHA1 hash would provide most of the security with very little > complexity.
That's exactly what I just said. -- Thor Lancelot Simon t...@rek.tjls.com "All of my opinions are consistent, but I cannot present them all at once." -Jean-Jacques Rousseau, On The Social Contract
