I'm wondering about the following questions. Will it be clear
to people reading the RFC that routers are special cases, or
does it implicitly open up the protocol to an interpretation
that makes host identification and pairwise privacy a
possibility but not a requirement? Would it be allowable for
an entire domain to use the same SA's so that the hosts could
read each other's traffic and impersonate each other?

Speaking for myself -- I certainly would allow that latter case, not
because I like it but because I think that, on balance, it is often
more secure than the (affordable) alternatives.
But it is necessary that the hosts with which you communicate understand
the granularity of your protection, a point I've made in other messages.