On Fri, 16 May 2003, Noah Meyerhans wrote: > I don't think it's possible to *need* opportunistic encryption. By its > very nature it's unreliable. You have no guarantee that you've got an > IPsec session with a given host, so you really can't rely on > opportunistic encryption to provide you with any security.
Very true. The point of opportunistic encryption is to increase the use of IPsec net-wide. The general idea being that, if two random hosts can, they should without manual intervention. I think this is a great goal, in the general sense, much like opportunistic compression to save bandwidth, as seen in such things as mod_gzip for Apache. -j -- Jamie Lawrence [EMAIL PROTECTED] Give a man a match, and he'll be warm for a minute, but set him on fire, and he'll be warm for the rest of his life.
