On (03/12/08 08:54), James Carlson wrote: > > Even if tcpm-tcp-auth-opt gets deployed, I'd expect that it's really > just a "special" for BGP and related routing protocols that use TCP > (such as LDP and perhaps the new transport options for RSVP and PIM), > and not a general-purpose connection protection mechanism. The keying > issues put it out of reach of the usual applications. You need a > small group of manually keyed systems. It's "high maintenance."
The alternatives to manual keying that were discussed yesterday were even higher maintenance: ideas tossed out included having key-exchange mechanisms similar to the ipsec-ike relationship. It wasn't clear to me, at least, that this was any simpler than just using ipsec itself. --Sowmini _______________________________________________ networking-discuss mailing list [email protected]
