Recently, I looked at all the ways GnuPG can retrieve PGP keys from the internet to see which of these methods are actually useful. This blog post describes a summary of my conclusions.
GnuPG modern (2.1.16) can retrieve keys from the internet using the following mechanisms:
cert: a DNS CERT PGP record as defined in RFC-4398 pka: a DNS CERT IPGP record, also defined in RFC-4398 or a DNS TXT record, depending on the version of GnuPG.
This post details the setup of the additional steps required to deploy a IPv6-only server bedind NAT64 with Tayga.
This post uses the documentation prefix (2001:db8::/32), replace this with your own prefix. This can be a ULA prefix.
The basis is explained in a post by Luuk Hendriks.
Goal The goal is to reach an IPv6-only webserver behind a dual stack router. This is done by using NAT64 on a third device to reach the server.
Configuring X.509 based IPsec on an Edgerouter running EdgeOS.
1 of 1