thus spoke Eugen Leitl <eugen@leitl.org> [2003.10.09.1129 +0200]:
> Are there technical reasons for this situation? If yes, what is
> required to enable IPsec default interoperability at least with open
> source OSses?
A curious idea that I've been paying some attention to for a while.
One could simply implement a means that tries to connect with IPsec
by default and falls back to IP if unsuccessful (keeping a cache of
IPsec-incapable hosts). The main problem here, of course, is the
required public key repository, if you don't want to have your keys
in DNS records. And also, the expensive SA negotiation and the
potential for DoS.

-- 
martin;              (greetings from the heart of the sun.)
  \____ echo mailto: !#^."<*>"|tr "<*> mailto:" net@madduck

invalid/expired pgp subkeys? use subkeys.pgp.net as keyserver!

"it is only the modern that ever becomes old-fashioned."
                                                        -- oscar wilde
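
The try-IPsec-then-fall-back policy described in the message above, sketched as an added example (not code from the original post). The `negotiate` callable, the cache lifetime and the per-window negotiation budget are assumptions introduced here; the budget is one way to bound the SA negotiation cost the message raises.

```python
import time

class OpportunisticPolicy:
    """Per-peer choice between attempting IPsec and sending plain IP."""

    def __init__(self, negotiate, neg_ttl=3600.0, max_attempts=5,
                 window=1.0, clock=time.monotonic):
        self.negotiate = negotiate    # hypothetical: peer -> True if an SA came up
        self.neg_ttl = neg_ttl        # seconds an "incapable" verdict stays cached
        self.max_attempts = max_attempts  # negotiations allowed per window
        self.window = window
        self.clock = clock
        self.capable = set()          # peers with an established SA
        self.incapable = {}           # peer -> time the negative entry expires
        self.recent = []              # start times of recent negotiations

    def decide(self, peer):
        now = self.clock()
        if peer in self.capable:
            return "ipsec"            # never silently downgrade a known peer
        expiry = self.incapable.get(peer)
        if expiry is not None:
            if now < expiry:
                return "plain"        # cached: skip the expensive negotiation
            del self.incapable[peer]  # entry aged out, probe again
        self.recent = [t for t in self.recent if now - t < self.window]
        if len(self.recent) >= self.max_attempts:
            return "plain"            # over budget: no negotiation, no cache entry
        self.recent.append(now)
        if self.negotiate(peer):
            self.capable.add(peer)
            return "ipsec"
        self.incapable[peer] = now + self.neg_ttl
        return "plain"

if __name__ == "__main__":
    # Constructed demo: only 192.0.2.10 "speaks IPsec".
    policy = OpportunisticPolicy(lambda peer: peer == "192.0.2.10")
    for peer in ["192.0.2.10", "192.0.2.20", "192.0.2.20"]:
        print(peer, policy.decide(peer))
```

Because a failed negotiation ends in plain IP, anyone on the path who can block the negotiation forces cleartext, so a policy of this shape protects against passive eavesdropping only.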