On 6/26/07, Sandy Harris <[EMAIL PROTECTED]> wrote:
> It is certainly a problem, but you can get around it partially even if your IP
> address is dynamically assigned:
>
> http://www.freeswan.org/freeswan_trees/freeswan-2.00/doc/quickstart.html#opp.client
>
> You do need to use a dynamic DNS server to handle your keys, but there
> are lots of those, and many do provide that service.
>
> Also, this is limited to "initiate-only" IPsec; it does not handle incoming
> connections. However, that may be enough for many client machines that live
> in dynamic address space.

I don't get it. Why is it so limited? Reverse DNS is not significantly
more trustworthy than simply querying the remote host on a known port
if you don't have DNSSEC.

--
Taral <[EMAIL PROTECTED]>
"Please let me know if there's any further trouble I can give you."
   -- Unknown

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
