> From: Jari Arkko <[EMAIL PROTECTED]> > > They can be similar, but my point was that if you use manual > keying you don't want to create a million SAs, while with > dynamic keying you could in theory do that.
One could consider a special "helper" application/daemon, which would input from user (configuration) single manual key, and then would generate and install the necessary from SA's for the ND protection (I suspect this "daemon" would need to be constantly running, as SA's may be needed dynamically. Perhaps it could be an additional IPSEC key manager (which is at least possible with PF_KEY architecture, e.g. multiple key managements) One could have "secure virtual home WLAN" this way, as all ND would be protected by this key which is only configured to your own machines at home (or at any closed group wanting privacy over WLAN). -------------------------------------------------------------------- IETF IPng Working Group Mailing List IPng Home Page: http://playground.sun.com/ipng FTP archive: ftp://playground.sun.com/pub/ipng Direct all administrative requests to [EMAIL PROTECTED] --------------------------------------------------------------------