[EMAIL PROTECTED] writes: > The alternatives to manual keying that were discussed yesterday were > even higher maintenance: ideas tossed out included having key-exchange > mechanisms similar to the ipsec-ike relationship. It wasn't clear > to me, at least, that this was any simpler than just using ipsec itself.
I doubt they are. At some point, you end up just reimplementing everything that IPsec has already done, but almost certainly poorly and with high complexity. The real point here is that this is a special case with applications that happen to have some important properties: a high degree of custom configuration is just par for the course. It's not _just_ BGP alone, but it's not anything like a general-purpose solution and users who head off in that direction (despite the warnings that we ought to give them) probably get what they deserve. -- James Carlson, Solaris Networking <[EMAIL PROTECTED]> Sun Microsystems / 35 Network Drive 71.232W Vox +1 781 442 2084 MS UBUR02-212 / Burlington MA 01803-2757 42.496N Fax +1 781 442 1677 _______________________________________________ networking-discuss mailing list [email protected]
