>> So more accurately, you meant like this?
>>
>> NI query
>> nodeinfo client ------------------> the target
>> with some private key
>> <------------------
>> NI response signed
>> by the private key
>Yes, where the name in the response is a valid domain name, and when the
>client looks for a KEY record on that domain name, it finds a public key
>that can be used to successfully validate the signature on the response.
again, there's no protocol for signing ICMPv6 using private key.
IPsec (AH/ESP) doesn't work here. do you have any proposal?
itojun
--------------------------------------------------------------------
IETF IPng Working Group Mailing List
IPng Home Page: http://playground.sun.com/ipng
FTP archive: ftp://playground.sun.com/pub/ipng
Direct all administrative requests to [EMAIL PROTECTED]
--------------------------------------------------------------------
