On Wed, Jun 29, 2005 at 02:20:58PM -0400, Michael Richardson wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
>
> >>>>> "Marc" == Marc Singer <[EMAIL PROTECTED]> writes:
> >> Random clients do not have a trust relationship with the owner of
> >> the reverse zone. (consider laptops that show up at an IETF)
>
> Marc> The fascination with reverse lookups baffles me.
>
> Read:
> http://www.sandelman.ca/SSW/freeswan/oeid/draft-richardson-ipsec-opportunistic.html
>
> And you'll understand.
> It's not the PTR that I care about (although I do like it to be
> correct), it is the IPSECKEY that I want to insert.

OK. That helps me a bit. I've been wondering for some time why people cared (or trusted) ptr records. The IPSECKEYs are different.

Let me see if I get this right. Based on the RFC, there doesn't appear to be a solution. This isn't really about the records, per se, but establishing trust. DNS becomes the weakest link as soon as we start with the dynamic updates. I am willing to trust myself and my home network, but there is no reason for me to trust any other network...especially *not* cafes and hotels.

Hmm.

