potential new IETF WG on anonymous IPSec

Thomas Shaddack shaddack at ns.arachne.cz
Wed Sep 15 18:22:43 PDT 2004


On Wed, 15 Sep 2004, Ian Grigg wrote:

> The whole point of the CA model is that there is no prior
> relationship and that the network is a wild wild west sort
> of place - both of these assumptions seem to be reversed
> in the backbone world, no?  So one would think that using
> opportunistic cryptography would be ideal for the BGP world?

If I remember correctly, the TCP MD5 option field was designed for 
securing BGP traffic, using the shared secret approach.


I was also thinking about "borrowing" this feature for things like 
announcement of additional features, e.g. the possibility of opportunistic 
encryption, in e.g. the TCP/SYNACK packets. There's space for 16 bytes of 
magic numbers.
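
The TCP MD5 signature option mentioned in the message above (RFC 2385, option kind 19, carrying a 16-byte digest), as an added example that is not part of the original post: a parser that walks the options area of a raw TCP header and extracts the digest, rejecting malformed lengths. The function names and the sample header are constructed for illustration.

```python
import struct

TCPOPT_EOL, TCPOPT_NOP, TCPOPT_MD5SIG = 0, 1, 19   # option kinds; 19 is RFC 2385
MD5SIG_LEN = 18                                     # kind + length + 16-byte digest

def parse_tcp_options(tcp_header: bytes):
    """Return [(kind, data)] for the options area of a raw TCP header."""
    if len(tcp_header) < 20:
        raise ValueError("TCP header shorter than 20 bytes")
    data_offset = (tcp_header[12] >> 4) * 4         # header length in bytes
    if data_offset < 20 or data_offset > len(tcp_header):
        raise ValueError("bad data offset")
    opts, i, out = tcp_header[20:data_offset], 0, []
    while i < len(opts):
        kind = opts[i]
        if kind == TCPOPT_EOL:                      # end of option list
            break
        if kind == TCPOPT_NOP:                      # one-byte padding
            i += 1
            continue
        if i + 1 >= len(opts):
            raise ValueError("option truncated before length byte")
        length = opts[i + 1]                        # covers kind and length bytes too
        if length < 2 or i + length > len(opts):
            raise ValueError("option length out of bounds")
        out.append((kind, opts[i + 2:i + length]))
        i += length
    return out

def md5_signature(tcp_header: bytes):
    """Return the 16-byte digest if a well-formed MD5 option is present, else None."""
    for kind, data in parse_tcp_options(tcp_header):
        if kind == TCPOPT_MD5SIG:
            if len(data) != MD5SIG_LEN - 2:
                raise ValueError("MD5 signature option with wrong length")
            return data
    return None

def build_header(options: bytes, flags: int = 0x12) -> bytes:
    """Constructed sample header (SYN/ACK by default), options padded to 4 bytes."""
    options += b"\x00" * (-len(options) % 4)
    offset_flags = ((20 + len(options)) // 4 << 12) | flags
    return struct.pack("!HHIIHHHH", 179, 40000, 1, 2, offset_flags, 65535, 0, 0) + options

# Constructed sample: MSS option, two NOPs, then an MD5 option with a dummy digest.
SAMPLE_DIGEST = bytes(range(16))
SAMPLE = build_header(b"\x02\x04\x05\xb4" + b"\x01\x01" + bytes([19, 18]) + SAMPLE_DIGEST)
```
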





More information about the cypherpunks-legacy mailing list