>> So more accurately, you meant like this? >> >> NI query >> nodeinfo client ------------------> the target >> with some private key >> <------------------ >> NI response signed >> by the private key >Yes, where the name in the response is a valid domain name, and when the >client looks for a KEY record on that domain name, it finds a public key >that can be used to successfully validate the signature on the response.
again, there's no protocol for signing ICMPv6 using private key. IPsec (AH/ESP) doesn't work here. do you have any proposal? itojun -------------------------------------------------------------------- IETF IPng Working Group Mailing List IPng Home Page: http://playground.sun.com/ipng FTP archive: ftp://playground.sun.com/pub/ipng Direct all administrative requests to [EMAIL PROTECTED] --------------------------------------------------------------------