On Fri, 15 Sep 2017, Michael Richardson wrote:

> Paul Wouters <[email protected]> wrote:
>> See also Opportunistic IPsec, which is a way of creating a mesh with
>> IPsec using some kind of central (X.509) or decentral (DNSSEC)
>> authentication. See:
>
> And it's important to note that the reverse map that is used doesn't have to
> be the public (DNS) one!

Right. But also we support the forward DNS. That is, libreswan can also
use the IDr for a forward DNS lookup, which can also be an internal-only
zone. I believe in that case we also then do another lookup of the IDr
in the forward to ensure it includes an A/AAAA record to the IP we are
connecting to.
Paul
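
The forward-confirmation check described in the message above, sketched as an added illustration (not libreswan's code and not part of the original email). The zone contents, the names `gw1.internal.example` / `gw2.internal.example`, and the stand-in resolver `lookup_addresses` are assumptions constructed for the example; a deployment would query its internal-only zone instead.

```python
import ipaddress

# Constructed internal-only zone: name -> A/AAAA records (sample data).
ZONE = {
    "gw1.internal.example.": ["192.0.2.10", "2001:db8::10"],
    "gw2.internal.example.": ["192.0.2.20"],
}

def normalize_name(fqdn):
    """DNS names are case-insensitive; compare in absolute (dotted) form."""
    return fqdn.strip().lower().rstrip(".") + "."

def lookup_addresses(fqdn, zone=ZONE):
    """Stand-in resolver (assumption): returns the parsed A/AAAA records."""
    return [ipaddress.ip_address(a) for a in zone.get(normalize_name(fqdn), [])]

def canonical_ip(text):
    """Parse an address, unwrapping IPv4-mapped IPv6 (::ffff:a.b.c.d)."""
    ip = ipaddress.ip_address(text)
    if ip.version == 6 and ip.ipv4_mapped is not None:
        return ip.ipv4_mapped
    return ip

def idr_matches_peer(idr_fqdn, peer_ip, zone=ZONE):
    """True only if the IDr name has an A/AAAA record equal to peer_ip.

    Fails closed: a name with no records, or an unparsable peer
    address, is treated as a mismatch.
    """
    try:
        peer = canonical_ip(peer_ip)
    except ValueError:
        return False
    return peer in lookup_addresses(idr_fqdn, zone)

if __name__ == "__main__":
    # The peer claims IDr gw2 but connects from gw1's address: rejected.
    print(idr_matches_peer("gw2.internal.example", "192.0.2.10"))
    # The claimed name and the address we are connecting to agree: accepted.
    print(idr_matches_peer("gw1.internal.example", "192.0.2.10"))
```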