ad hoc IPsec or similar

Taral taralx at gmail.com
Tue Jun 26 14:05:31 EDT 2007


On 6/26/07, Sandy Harris <sandyinchina at gmail.com> wrote:
> It is certainly a problem, but you can get around it partially even if your IP
> address is dynamically assigned:
>
> http://www.freeswan.org/freeswan_trees/freeswan-2.00/doc/quickstart.html#opp.client
>
> You do need to use a dynamic DNS server to handle your keys, but there
> are lots of those, and many do provide that service.
>
> Also, this is limited to "initiate-only" IPsec; it does not handle incoming
> connections. However, that may be enough for many client machines that live
> in dynamic address space.

I don't get it. Why is it so limited? Reverse DNS is not significantly
more trustworthy than simply querying the remote host on a known port
if you don't have DNSSEC.

-- 
Taral <taralx at gmail.com>
"Please let me know if there's any further trouble I can give you."
    -- Unknown

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com


