>>>>> "Paul" == Paul Wouters <p...@cypherpunks.ca> writes: Paul> So what happens in my case? Either google is blocked, or google is Paul> downgraded to plaintext. Or the application could distinguish between Paul> my suggested boguspublic-key versus the real google
Google is plaintext, you never had the right to speak for it. Paul> Yes, and what I'm saying is that current methods for tying DANE to IPSEC Paul> fail, because there is no binding to the legitimacy of the proclaimed Paul> gateway. I assume by "current methods", you mean RFC4322? Or is there another proposal that I've missed? -- Michael Richardson <mcr+i...@sandelman.ca>, Sandelman Software Works
pgp02LC96anVU.pgp
Description: PGP signature
_______________________________________________ IPsec mailing list IPsec@ietf.org https://www.ietf.org/mailman/listinfo/ipsec