In your letter dated Thu, 23 Jun 2011 20:30:05 -0500 you wrote: >OH... That's an intriguing idea, use 802.1x to securely feed SEND. That >might even make using SEND practical in an open network environment like >a University. Its a massing protocol layering violation, but most >things in the security realm are.
I'm not sure how that's supposed to improve things. To make 802.1x secure (for the client) the client needs to have the server's certificate. Otherwise there can be a man-in-the-middle attack. If you have a way of providing clients with certificates, why not distribute the keys for SEND directly? -------------------------------------------------------------------- IETF IPv6 working group mailing list ipv6@ietf.org Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6 --------------------------------------------------------------------
