>>>>> "Praveen" == Praveen Sathyanarayan <[email protected]> writes: Praveen> In this solution, HUB is the trust entity that all spoke Praveen> establish static IPSec tunnel (either using Site to site Praveen> tunnel or spoke establish dynamic remote access tunnel with Praveen> hub). When tunnel is established, spoke will exchange
So... you have a trusted third party: DNS server on HUB. If you talk to it over IPsec, you are as secure as DNSSEC, but you have perhaps less resiliancy. YOU DO NOT NEED GLOBAL DNSSEC. This will be the last time I say this. -- ] He who is tired of Weird Al is tired of life! | firewalls [ ] Michael Richardson, Sandelman Software Works, Ottawa, ON |net architect[ ] [email protected] http://www.sandelman.ottawa.on.ca/ |device driver[ Kyoto Plus: watch the video <http://www.youtube.com/watch?v=kzx1ycLXQSE> then sign the petition. _______________________________________________ IPsec mailing list [email protected] https://www.ietf.org/mailman/listinfo/ipsec
