Is the answer to this problem possibly that DNS records to configure IPSEC should go in the reverse DNS?
On Tue, Jul 31, 2012 at 7:00 PM, Michael Richardson <[email protected]> wrote:

>
> >>>>>> "Paul" == Paul Wouters <[email protected]> writes:
>     Paul> So what happens in my case? Either google is blocked, or google is
>     Paul> downgraded to plaintext. Or the application could distinguish between
>     Paul> my suggested bogus public-key versus the real google
>
> Google is plaintext, you never had the right to speak for it.
>
>     Paul> Yes, and what I'm saying is that current methods for tying DANE to IPSEC
>     Paul> fail, because there is no binding to the legitimacy of the proclaimed
>     Paul> gateway.
>
> I assume by "current methods", you mean RFC4322?
> Or is there another proposal that I've missed?
>
> --
> Michael Richardson <[email protected]>, Sandelman Software Works
>
> _______________________________________________
> IPsec mailing list
> [email protected]
> https://www.ietf.org/mailman/listinfo/ipsec
>

--
Website: http://hallambaker.com/
