> => I disagree: without authentication (by a pre-shared
> secret, certificate/signature or public key) you can be
> attacked by the Man-In-The-Middle, i.e., you can get a very
> secure connection with a bad guy, not the intended
> correspondent. There are some schemes where one participant
> can be anonymous, but at most one (i.e., never both).

Is this scheme used anywhere on the net? Can I make use of it whatever time I want? E.g. the server has a cert and I don't, but the server requires IPsec, my client will respond even without cert?

Well, I asked that question, let's say, for the case that two end users without any certificates can build up a secure line between each other. For example, an IM application could turn on IPsec without a certificate. The problem is I don't see end users buying certificates anytime soon, which might be important for pure P2P applications wanting to use the IPsec protocol, at least in my thoughts.

Thanks for any info

-mg

--------------------------------------------------------------------
IETF IPng Working Group Mailing List
IPng Home Page: http://playground.sun.com/ipng
FTP archive: ftp://playground.sun.com/pub/ipng
Direct all administrative requests to [EMAIL PROTECTED]
--------------------------------------------------------------------
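
An added example, not part of the original thread: a minimal model of the point quoted above, showing that an unauthenticated Diffie-Hellman exchange still yields a working key when an intermediary substitutes its own public value, and that a tag keyed with a pre-shared secret exposes the substitution. The toy group, the function names and the HMAC-over-public-values check are assumptions made for illustration; this is not IKE's actual authentication computation.

```python
import hashlib
import hmac
import secrets

# Toy group, an assumption for this example: 2**127 - 1 is prime but far too
# small for real use. IKE uses standardized groups of 1024 bits and more.
P = 2**127 - 1
G = 3

def keypair():
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)

def session_key(priv, peer_pub):
    return hashlib.sha256(pow(peer_pub, priv, P).to_bytes(16, "big")).digest()

def auth_tag(psk, sender_pub, received_pub):
    # Bind both public values, as the sender saw them, to the pre-shared secret.
    msg = sender_pub.to_bytes(16, "big") + received_pub.to_bytes(16, "big")
    return hmac.new(psk, msg, hashlib.sha256).digest()

def run_exchange(intercepted, psk=b"constructed-pre-shared-secret"):
    a_priv, a_pub = keypair()
    b_priv, b_pub = keypair()
    m_priv, m_pub = keypair()  # intermediary on the path (constructed)
    # Without interception each side receives the other's real public value;
    # with it, both receive the intermediary's value instead.
    seen_by_a = m_pub if intercepted else b_pub
    seen_by_b = m_pub if intercepted else a_pub
    k_a = session_key(a_priv, seen_by_a)
    k_b = session_key(b_priv, seen_by_b)
    # B authenticates the exchange; A recomputes the tag from its own view.
    tag_from_b = auth_tag(psk, b_pub, seen_by_b)
    expected_by_a = auth_tag(psk, seen_by_a, a_pub)
    return {
        "endpoints_share_key": k_a == k_b,
        "a_shares_key_with_intermediary": k_a == session_key(m_priv, a_pub),
        "authentication_ok": hmac.compare_digest(tag_from_b, expected_by_a),
    }

if __name__ == "__main__":
    print("clean path: ", run_exchange(False))
    print("intercepted:", run_exchange(True))
```

In the intercepted run, A still ends up with a valid session key, only it is shared with the intermediary rather than with B; the failed tag comparison is the only signal either endpoint gets.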