Chris' case is a little different, because he is willing to do some work to establish trust between the two administrative domains, so it's not really opportunistic (although doing it with OE might be a solution)
So there could be some "hub gateway" that could do the introducing, perhaps over IPsec or IKE. On the one hand, if DNS works and everybody already has a DNS resolver, it may be better to use that than to invent a new mechanism. OTOH if I didn't like inventing new mechanisms, I wouldn't be participating in the IETF. -----Original Message----- From: [email protected] [mailto:[email protected]] On Behalf Of Michael Richardson Sent: 24 October 2011 16:01 To: [email protected] Cc: Ulliott, Chris Subject: Re: [IPsec] New -00 draft: Creating Large Scale Mesh VPNs Problem Statement I was not intending to be, (I have no ticket as yet), but plans might change. It seems like Chris has all of the requirements of OE, and there is all of the challenges. IPv6 and homenet might well provide FDQNs for hosts, and a trusted path to update the reverse. If DNS does not work for you, then you need another trusted introducer, and there have been many proposals out there for doing this kind of thing. None of taken off and hit the elbow of exponential growth. _______________________________________________ IPsec mailing list [email protected] https://www.ietf.org/mailman/listinfo/ipsec
