FreeS/WAN IPSec for Linux, AOC-Ottawa 2002-01-24, RGB

Must acquire public keys somehow:

  • Could be done with X.509...
  • But putting keys in DNS is better!
  • Also handles gateway discovery.

DNS data itself signed for security:

  • Tree of signatures matching DNS tree.
  • Top-level signatures well known.
  • Top-level-domain politics are a problem.
  • Web-of-trust approach instead?

Last modified by Richard Guy Briggs, Thu Jan 24 11:06:42 EST 2002.