On 6/26/07, Sandy Harris <[EMAIL PROTECTED]> wrote:
It is certainly a problem, but you can get around it partially even if your IP
address is dynamically assigned:


You do need to use a dynamic DNS server to handle your keys, but there
are lots of those, and many do provide that service.

Also, this is limited to "initiate-only" IPsec; it does not handle incoming
connections. However, that may be enough for many client machines that live
in dynamic address space.

I don't get it. Why is it so limited? Reverse DNS is not significantly
more trustworthy than simply querying the remote host on a known port
if you don't have DNSSEC.

"Please let me know if there's any further trouble I can give you."
   -- Unknown

The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

Reply via email to