On Sat, 21 Sep 2013, Yoav Nir wrote:
I believe this would require a separate document. But I'm not sure that tying
it to an IP address is appropriate. IKE implementations work from behind NAT
devices and sometimes move around (see MOBIKE), so I think it would be more
appropriate to tie the re
> I am interested in using a variant of DANE to bootstrap my IPSec IKE
> root certificate trust. Is anyone aware of any work been done in this
Start with rfcs 4025 and 4322.
-JimC
--
James Cloos OpenPGP: 1024D/ED7DAEA6
___
IPsec mailing list
Hi David
I believe this would require a separate document. But I'm not sure that tying
it to an IP address is appropriate. IKE implementations work from behind NAT
devices and sometimes move around (see MOBIKE), so I think it would be more
appropriate to tie the record to any type of ID payload
Hi,
I am interested in using a variant of DANE to bootstrap my IPSec IKE root
certificate trust. Is anyone aware of any work been done in this area?
>From my understanding, it looks as though the is no technical issue with using
>reverse DNS lookup for the IPSec target machine with DNSSec (alt
