From mboxrd@z Thu Jan  1 00:00:00 1970
Message-ID: <06ba01c3842e$7fc22da0$b9844051@insultant.net>
From: "boyd, rounin" <boyd@insultant.net>
To: <9fans@cse.psu.edu>
References: <46016185506c42950346d712e2f1d96f@plan9.bell-labs.com>
Subject: Re: [9fans] ISP filtering - update
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
Date: Fri, 26 Sep 2003 15:02:51 +0200
Topicbox-Message-UUID: 4fa23f0e-eacc-11e9-9e20-41e7f4b1d025

> -> random1
> <- random2, hmac(random1, shared key)
> -> hmac(random2, shared key)

i know.  i really want my final solution:

    The final solution is to either beef up IP (bad idea) or replace
    it with a mutually authenticaticated, encrypted protocol.

but there are problems with that too:  backwards compatibility,
a heap of work, integration, testing, QA, ...