>>>>> "Jorge" == Jorge Coronel <[email protected]> writes:
Jorge> +1
Jorge> I agree DNSSEC cannot be assumed, its deployments have been
Jorge> marginal.
DNSSEC is *one* *public* trusted third party. It's not the only way to
use DNS securely, it's just the easiest one to arrange between total
strangers.
You don't need DNSSEC deployed universally to use DNS securely.
Jorge> I also agree with the need of an ad-hoc peer-to-peer VPN
Jorge> bypassing gateways. While there are implementations from
Jorge> multiple vendors, including the one I work for, there is no
Jorge> standardized/scalable solution for the problems associated
Jorge> with these scenarios. Key challenges are:
Jorge> - Discoverability of suitable peers
Jorge> - Discovery of the set of crypto contracts required if
Jorge> allowed
====
Jorge> I won't be able to attend the IETF meeting in Taiwan, however
Jorge> once the date and time is settled I'll coordinate with
Jorge> someone representing my company to attend the BOF meeting.
+1
_______________________________________________
IPsec mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/ipsec
