On Fri, Mar 10, 2006 at 09:36:07AM +0000, tony sarendal wrote: > On 09/03/06, Florian Daniel Otel <[EMAIL PROTECTED]> wrote: > > > > Hello all, > > > > I have the following question (== misunderstanding from my part?) > > w.r.t. openbgp support for dynamic keying: I was living under the > > impression (hope?) that the said support means not only that the keys > > for the BGP peering session per se are established dynamically but > > also that the SPD itself is kept in sync with the coresp. BGP routing > > info i.e. bgp updates the IPsec flows to be consistent with the BGP > > routing info exchanged with the said peer. > > > Without ever having looked at this I would guess that openbgpd support > for dynamic keying is for securing the bgp session itself, nothing more. >
Yes, this is correct. -- :wq Claudio
