On Mon, Sep 13, 2010 at 04:35:54PM +0200, no-re...@cfengine.com wrote: > http://www.cfengine.org/manuals/cf3-reference.html#dynamicaddresses-in-server > might also help. The NAT aspect is definitely tricky.
What about indexing client public keys by their fingerprint? For example, once key exchange is performed, client can verify server by its public key and server in order to do the same can request either public key itself or its hash and then lookup ppkeys storage using hash as index (instead of IP/DNS address). _______________________________________________ Help-cfengine mailing list Help-cfengine@cfengine.org https://cfengine.org/mailman/listinfo/help-cfengine
