On Fri, 2004-07-16 at 11:06, Evgeniy Polyakov wrote:
> On Fri, 2004-07-16 at 17:04, jamal wrote:
>
[..]
> They do strong signed digest, but it does not have any kind of counter
> so i do not see replay attack prevention.
Ok, you are right. I do think that there are people who have run this
over IPSEC though. I could swear that the current linux based one does.
I wish we could get Alexander to comment on this discussion.
>
> > > Can it be used over IPv6? (CARP also can't but it is _very_ easy to
> > > add, I just don't have IPv6 network setup to test).
> >
> > Theres effort to have it do v6.
> > http://www.ietf.org/internet-drafts/draft-ietf-vrrp-ipv6-spec-06.txt
> > I agree its lame to have it as an after thought it seems
>
> * VRRP for IPv6 does not currently include any type of authentication. *
Fine.
> I will draw one too.
ok, my resonse attached.
> For those who cares they are already done.
I was done 10 years ago. But theres a lot of fools around.
MS targets the fools.
> > > I have great confidence that Theo de Raadt will not include non
> > > patent-free code in OpenBSD.
> >
> > I hope he is a lawyer or has some good lawyer advising him;->
>
> He is an OpenBSD creator, so he is just a bit more paranoidal than
> others :)
I see ;->
cheers,
jamal
carp.dig2
Description: Text document
|