Tinc 2.0
Rob Townley
rob.townley at gmail.com
Sat Mar 7 01:26:20 CET 2009
On Fri, Mar 6, 2009 at 5:09 PM, Guus Sliepen <guus at tinc-vpn.org> wrote:
> On Fri, Mar 06, 2009 at 08:19:12AM -0600, Rob Townley wrote:
>
>> Maybe I am missing something, but since each host already has a public
>> & private key, then why is a 3rd party needed currently?
>
> If the clients exchange their public keys, and have public routable addresses,
> then a 3rd party is indeed not needed.
Most of our hosts have dynamic changing IP addresses behind NATs
(laptops). Storing the public keys in a KEY dns resource record and
putting the list of network nodes in a TXT record on a dedicated DNS
server would work with NAT, the clients would not need static publicly
routable ip addresses because dynamic dns, and would not need to
pre-exchange keys.
http://zytrax.com/books/dns/ch8/key.html
>
>> But it is difficult to replicate the public host file to each
>> machine. That is why I would welcome a modified myDns or modified
>> djbdns that holds the public key for each dynamically updated
>> hostname. Hamachi must use a special DNS server to accomplish this.
>
> Actually the problem is not replicating the host files, it's the lack of
> control you'd have if you just did that. I think that the certificate based
> authorisation I have in mind will provide that control.
Look forward to reading that.
>
> --
> Met vriendelijke groet / with kind regards,
> Guus Sliepen <guus at tinc-vpn.org>
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.9 (GNU/Linux)
>
> iEYEARECAAYFAkmxrRsACgkQAxLow12M2nv/igCgqGjazUcumcUAaWCafwu9sYe8
> zGMAoKCEuqYhZ0znPmZO+RRvLF6e7pXV
> =RR1p
> -----END PGP SIGNATURE-----
>
> _______________________________________________
> tinc mailing list
> tinc at tinc-vpn.org
> http://www.tinc-vpn.org/cgi-bin/mailman/listinfo/tinc
>
>
More information about the tinc
mailing list