On Tue, 21 Aug 2012, Phillip Hallam-Baker wrote:
Is the answer to this problem possibly that DNS records to configure
IPSEC should go in the reverse DNS?
Been there, done that in 1995, did not work.
When people make claims like that, I prefer to see a reason. Or are we
meant to take the fact that you could not make it work to mean that it
is impossible?
It was called The FreeS/WAN Project and was founded by John Gilmore.
It's Opportuistic Encryption used TXT records in the reverse. The two
main problems were no one could add anything in their "own" reverse,
and massive deployment of NAT meant people couldn't make their machines
visible and reachable.
Additionally, I see lots of signs the reverse for IPv6 is going to be
even worse - even ISPs aren't really caring about it.
Paul
_______________________________________________
IPsec mailing list
IPsec@ietf.org
https://www.ietf.org/mailman/listinfo/ipsec
