i don;t think that DNSSEC (writ large) is inapplicable - but thats a deployment quibble. I like the idea of ad-hoc, peer based secure channels - but that sort of requires a trusted introducer. Unfortunately for me, I have to leave on tuesday. Please keep me posted on the nature and future of these discussions.
/bill On 10/26/11, Geoffrey Huang <[email protected]> wrote: > I have to agree with the recent comments about the inapplicability of RFC > 4322. I don't think that a DNNSEC infrastructure can be assumed, > particularly not in the deployments I have seen. > > I agree with Steve Hanna's comments about the need for ad-hoc peer-to-peer > VPNs, bypassing a centralized hub. I also agree with Paul Hoffman's > comments about using an already-existing "trusted introducer." > > Finally, I will be in Taiwan, but specifically (only) to discuss this topic. > I'm hoping that the date of Wednesday, November 16 is still good for the > bar BOF that some of us had previously discussed. > > -geoff > _______________________________________________ IPsec mailing list [email protected] https://www.ietf.org/mailman/listinfo/ipsec
