Paul Jakma wrote:
Interesting. <comments sent off list>
Thanks!
Apologies, I'm not questioning CGA and it's use with SeND at all. I'm questioning wider off-link, non-ND use of CGA, eg with Shim.
Sure. And I did not want to start an argument on whether we should or should not use CGA. Just providing information on a previous case and why an IPsec solution did not work well for that. But I wanted disagree on CGA being very different in terms of its on or off link usage and the need for IKE with either HBA or CGA. --Jari