Re: Is there agreement on ddns (or any such) with autoconfigured hosts?
On Wed, Jun 29, 2005 at 02:20:58PM -0400, Michael Richardson wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
>
>
> >>>>> "Marc" == Marc Singer <elf@buici.com> writes:
> >> Random clients do not have a trust relationship with the owner of
> >> the reverse zone. (consider laptops that show up at an IETF)
>
> Marc> The fascination with reverse lookups baffles me.
>
> Read:
> http://www.sandelman.ca/SSW/freeswan/oeid/draft-richardson-ipsec-opportunistic.html
>
> And you'll understand.
> It's not the PTR that I care about (although I do like it to be
> correct), it is the IPSECKEY that I want to insert.

OK. That helps me a bit. I've been wondering for some time why
people cared about (or trusted) PTR records.

The IPSECKEYs are different. Let me see if I get this right. Based
on the RFC, there doesn't appear to be a solution. This isn't really
about the records, per se, but establishing trust. DNS becomes the
weakest link as soon as we start with the dynamic updates. I am
willing to trust myself and my home network, but there is no reason
for me to trust any other network...especially *not* cafes and hotels.

Hmm.