IPsec in 2.6

martin f krafft madduck at madduck.net
Thu Oct 9 09:57:33 PDT 2003


also sprach Eugen Leitl <eugen at leitl.org> [2003.10.09.1129 +0200]:
> Are there technical reasons for this situation? If yes, what is
> required to enable IPsec default interoperability at least with
> open source OSses?

A curious idea that I've been paying some attention to for a while.
One could simply implement a means that tries to connect with IPsec
by default and falls back to IP if unsuccessful (keeping a cache of
IPsec-incapable hosts). The main problem here, of course, is the
required public key repository, if you don't want to have your keys
in DNS records. And also, the expensive SA negotiation and the
potential for DoS.

--
martin;              (greetings from the heart of the sun.)
  \____ echo mailto: !#^."<*>"|tr "<*> mailto:" net at madduck

invalid/expired pgp subkeys? use subkeys.pgp.net as keyserver!

"it is only the modern that ever becomes old-fashioned."
                                                        -- oscar wilde

[demime 0.97c removed an attachment of type application/pgp-signature]
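
The fallback scheme sketched in the message above, as an added example that is not part of the original post: a per-destination policy that tries IPsec first, falls back to plain IP, and caches IPsec-incapable hosts. The class name, the `negotiate` callback (a stand-in for the real SA negotiation), and the cache TTL, cache size limit and per-window negotiation budget are assumptions added here to bound the negotiation cost the message mentions.

```python
import time
from collections import OrderedDict

class OpportunisticPolicy:
    """Per-destination choice between 'ipsec' and 'plain' for outbound traffic."""

    def __init__(self, negotiate, ttl=3600.0, max_entries=1024,
                 budget=5, window=1.0, clock=time.monotonic):
        self.negotiate = negotiate      # callable(host) -> bool; hypothetical stand-in for SA negotiation
        self.ttl = ttl                  # seconds an "incapable" verdict stays valid
        self.max_entries = max_entries  # bound on cache memory
        self.budget = budget            # negotiations allowed per window
        self.window = window            # window length in seconds
        self.clock = clock
        self.incapable = OrderedDict()  # host -> expiry time of the verdict
        self.window_start = clock()
        self.used = 0

    def _may_negotiate(self, now):
        # Fixed-window budget: caps how many expensive negotiations can be triggered.
        if now - self.window_start >= self.window:
            self.window_start, self.used = now, 0
        if self.used >= self.budget:
            return False
        self.used += 1
        return True

    def choose(self, host):
        now = self.clock()
        expiry = self.incapable.get(host)
        if expiry is not None:
            if now < expiry:
                return "plain"          # cached: skip the expensive negotiation
            del self.incapable[host]    # verdict expired, probe the host again
        if not self._may_negotiate(now):
            return "plain"              # over budget: fall back, but cache nothing
        if self.negotiate(host):
            return "ipsec"
        self.incapable[host] = now + self.ttl
        while len(self.incapable) > self.max_entries:
            self.incapable.popitem(last=False)  # evict the oldest entry
        return "plain"
```

The TTL means a single failed or blocked negotiation does not pin a host to plain IP indefinitely, and a host is only cached as incapable after an actual failed attempt, never because the budget ran out.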




