[Dnssec-deployment] Root Zone DNSSEC Deployment Technical Status Update

Paul Wouters paul at xelerance.com
Mon Jul 19 14:46:17 EDT 2010


On Mon, 19 Jul 2010, bmanning at vacation.karoshi.com wrote:

> 	IPsec works, if only because the reverse tree can be signed.
> 	Several people did work on this last century (me with TBDS,
> 	Russ Mundy/Sparta with some toolkit which I forget, Hugh and Freeswan,
> 	there were a pool of really interesting ideas)

It worked technically, and I ran with OE on our entire rack for a few
years, but in the end it simply did not scale because people don't
have access to their reverse, and they're behind NAT. And thoughts have
focussed more on using IPv6 tunneling somehow with keys.

Paul


More information about the Dnssec-deployment mailing list