[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: fqdn and trailing dot in IDs

To: ipsec@lists.tislabs.com
Subject: Re: fqdn and trailing dot in IDs
From: Paul Hoffman <paul.hoffman@vpnc.org>
Date: Tue, 14 Dec 1999 13:59:58 -0800
In-Reply-To: <3856A444.340C3A46@redcreek.com>
Sender: owner-ipsec@lists.tislabs.com

At 12:10 PM 12/14/99 -0800, Ricky Charlet wrote:
>Howdy ()
>
>         So when we use a FQDN as a name to Identify an endpoint, do we 
> require
>and/or enforce that the 'trailing dot' be applied?

I certainly hope not. To the best of my understanding, that's only used in 
DNS server configuration. You quote from RFC 1912, which is an 
informational RFC that is mostly about avoiding common errors in BIND. The 
errors it refers to deal with partial domain names. We don't have those in 
IPsec. If someone has an ID that is of type FQDN and its value is "frodo", 
it is an error. The "F" really means something here.

--Paul Hoffman, Director
--VPN Consortium

References:

fqdn and trailing dot in IDs

From: Ricky Charlet <rcharlet@redcreek.com>

Prev by Date: Re: PGP keys in IKE
Next by Date: fqdn and trailing dot in IDs
Prev by thread: fqdn and trailing dot in IDs
Next by thread: fqdn and trailing dot in IDs
Index(es):
- Main
- Thread