On 6/8/20 10:16 AM, Nico Williams wrote:
> On Mon, Jun 08, 2020 at 10:11:09AM -0700, Joe Touch wrote:
>> On Jun 8, 2020, at 10:00 AM, Michael Thomas <mike@xxxxxxxx> wrote:
>>> I assume that you can hack IPsec to emulate clients not having certs.
>> It is called BTNS. See RFC 5387.
> Yes, but you also need RFC5660 implementations to make it more
> meaningful. Still, if all you want is error detection, BTNS will do.

This is undoubtedly a complete rehash, but who controls what the root
CAs are with IPsec? Is that something that the application layer has
some say-so over? Could my app say I don't care who the root CA is?

Mike