[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: TED poll (Re: Draft Minutes from IPSP WG Mtg at 52st IETF)

At 16:35 19/12/2001 -0500, Henry Spencer wrote:

On Wed, 19 Dec 2001, Luis A. Sanchez wrote:
> It would be extremely difficult to configure, maintain, secure, and just to
> make work in general an LDAP or series of LDAP directories with all the IP
> addresses of all the IPsec Security Gateways that could be protecting some set
> of hosts at any given time...

Of course, if you want a database that covers all those gateways, there
*already is one*.  It's called DNS.  Why re-invent the wheel, especially
when the re-invented one is often square?

So, we are back to square one: using the KX of DNSsec ;-)

Personally, I do not disagree


                                                          Henry Spencer