On Wed, 9 Jul 2014, Warren Kumari wrote:
Enabling a server to look up keying information for the client was
raised as a possible feature during the charter discussions.
This is a call for discussion on "how to do” / “is this possible / advisable”.
If there is sufficient progress in in the next week the chairs would
like to dedicate some time at the meeting in Toronto to this topic.
The goal of this discussion is to
1) gauge if this possible / desirable,
2) find environments that would like full authentication of both parties.
3) evaluate different ideas on how proceed.
The Libreswan Project uses a local DNS server plugin, and piggybacking
on the cache management to do IPSECKEY lookups. Setup IKE/IPsec when you
find a new key that wasn't in the cache yet.
Paul
(unbound python plugin)
_______________________________________________
dane mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dane
