If DNSSEC were deployed, I see no reason why SAs could not be
bound to domain names.
Donald
From: RJ Atkinson <[EMAIL PROTECTED]>
Message-Id: <[EMAIL PROTECTED]>
Date: Mon, 18 Dec 2000 20:45:43 -0500
To: [EMAIL PROTECTED] (Sean Doran)
Cc: [EMAIL PROTECTED]
In-Reply-To: <[EMAIL PROTECTED]>
> The root issue with ESP/AH and NAT is that the Internet
>Architecture does not currently have a sufficiently rich set
>of namespaces. In the world of the current Internet Architecture,
>ESP and AH are forced to bind SAs to addresses. In a different
>world, they might be able to bind SAs to a different name. Some
>folks are exploring which, if any, additional namespaces might
>make sense to add to the architecture. As this is research,
>not engineering, it is largely happening in the IRTF for now.
>If something comes of it, no doubt an I-D or two will appear
>online for perusal...
>
>Ran
