ad hoc IPsec or similiar

Taral taralx at
Tue Jun 26 14:05:31 EDT 2007

On 6/26/07, Sandy Harris <sandyinchina at> wrote:
> It is certainly a problem, but you can get around it partially even if your IP
> address is dynamically assigned:
> You do need to use a dynamic DNS server to handle your keys, but there
> are lots of those, and many do provide that service.
> Also, this is limited to "initiate-only" IPsec; it does not handle incoming
> connections. However, that may be enough for many client machines that live
> in dynamic address space.

I don't get it. Why is it so limited? Reverse DNS is not significantly
more trustworthy than simply querying the remote host on a known port
if you don't have DNSSEC.

Taral <taralx at>
"Please let me know if there's any further trouble I can give you."
    -- Unknown

The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at

More information about the cryptography mailing list