>>>>> "Dan" == Dan Wing <[email protected]> writes: Dan> If the subscriber's IP address really is static, the subscriber Dan> can avoid DNS entirely, and just put their static IPv6 (or Dan> IPv4) address into their portable computing device (tablet, PC, Dan> whatever) and they're done. That way, the user doesn't need to Dan> know how to edit a zone file or beg their ISP for a FQDN.
Dan> That leaves the user with the complication of configuring a VPN
Dan> on their consumer-grade router and on their portable computing
Dan> device (table, PC, whatever). Still pretty hard.
Is the goal communications with the home(net), or is the goal to appear
to still be at home ("MobileIP")?
If the former, then given end-to-end addressing and routing,
transport-mode or /128-tunnel-mode IPsec may be more appropriate. And
one may be able to leverage application layer authentication to do
channel binding of BTNS-IPsec.
Secondly, half the time I've heard people want "remote access/VPN", it's
not a security issue, it's a reachability and addressing issue.
--
] He who is tired of Weird Al is tired of life! | firewalls [
] Michael Richardson, Sandelman Software Works, Ottawa, ON |net architect[
] [email protected] http://www.sandelman.ottawa.on.ca/ |device driver[
Kyoto Plus: watch the video <http://www.youtube.com/watch?v=kzx1ycLXQSE>
then sign the petition.
pgpSeR9zyrR6K.pgp
Description: PGP signature
_______________________________________________ homenet mailing list [email protected] https://www.ietf.org/mailman/listinfo/homenet
