
Re: [IPSECKEY] Fwd: I-D ACTION:draft-richardson-ipsec-rr-01.txt



At 16:21 2003-01-21, Michael Richardson wrote:
>-----BEGIN PGP SIGNED MESSAGE-----
>
>
>major change is that the field list is unmoveable:
>
>3. IPSECKEY RDATA format
>
>    The RDATA for an IPSECKEY RR consists of a precedence value, a public
>    key (and algorithm type), and an optional gateway address.
>
>                            1 1 1 1 1 1 1 1 1 1 2 2 2 2 2 2 2 2 2 2 3 3
>        0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
>       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
>       | gtype | algo  |  precedence   |     public key length         |
>       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
>       |                                                               /
>       /                          public key
>       /                                                               /
>       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-|
>       ~                            gateway                            ~
>       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
>
>
>3.1 RDATA format - gateway type
>
>    The gateway type ("gtype") field indicates the format of the gateway
>    field.  The gateway field may be absent.
>
>    0  No gateway field is present
>
>    1  A 32-bit IPv4 address is present in the gateway field, in section
>
>    2  A 128-bit IPv6 address is present in the gateway field.  The data
>       portion is an IPv6 address as described in section 3.2 of [4].
>       This is a 128-bit number in network byte order.
>
>    3  A fully qualified domain name is present in the gateway field.
>       The name is a <domain-name> encoded as described in section 3.3
>       of [4].  This field occupies the space until the end of the RDATA.

This is much better than the old versions, but I think we can
address both your wishes for extendibility and the wishes of DNS people
to have a single "simple" format.
How about expressing the gateway field always as a domain name? The
following are valid domain names.
         foo.bar.                        ; regular Domain name
         123.12.1.10.in-addr.arpa        ; IPv4 address
    1.2.3.4.5.6.7.8.9.0.a.b.c.d.e.f.f.e.d.c.b.a.0.9.8.7.6.5.4.3.2.1.ip6.arpa.
                                         ; IPv6 address
         .                               ; No gateway

The application needs to know how to extract the IPv4 and IPv6 addresses from
these domain names. This is not a problem for new address types, as
they will fail in name lookup.

This eliminates the gtype field and the presentation format
only has to deal with a domain name.

         Olafur
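The decoding step Olafur describes (gateway always carried as a domain name; the application recovers an IPv4 or IPv6 address from in-addr.arpa / ip6.arpa names, treats "." as no gateway and anything else as a host name), as an added example that is not part of the thread or the draft. The function names `decode_gateway` and `encode_gateway` are my own; a malformed name under in-addr.arpa or ip6.arpa is rejected rather than passed on to a resolver.

```python
import ipaddress
from typing import Optional, Tuple, Union

Address = Union[ipaddress.IPv4Address, ipaddress.IPv6Address]


def decode_gateway(name: str) -> Tuple[str, Optional[Union[Address, str]]]:
    """Decode a gateway carried as a domain name (hypothetical helper).

    Returns ("none", None) for ".", ("ipv4", IPv4Address) for
    <4 octets>.in-addr.arpa, ("ipv6", IPv6Address) for <32 nibbles>.ip6.arpa,
    and ("fqdn", canonical-name) for anything else.  A bogus reverse name
    raises ValueError instead of being handed to a resolver.
    """
    labels = [lab for lab in name.strip().lower().split(".") if lab]
    if not labels:                       # the root name "." means no gateway
        return ("none", None)
    if labels[-2:] == ["in-addr", "arpa"]:
        octets = labels[:-2]
        if len(octets) != 4 or not all(
                o.isascii() and o.isdigit() and int(o) <= 255 for o in octets):
            raise ValueError(f"malformed in-addr.arpa gateway: {name!r}")
        # in-addr.arpa lists the octets least-significant first; undo that
        return ("ipv4", ipaddress.IPv4Address(".".join(reversed(octets))))
    if labels[-2:] == ["ip6", "arpa"]:
        nibbles = labels[:-2]
        if len(nibbles) != 32 or not all(
                len(n) == 1 and n in "0123456789abcdef" for n in nibbles):
            raise ValueError(f"malformed ip6.arpa gateway: {name!r}")
        hexstr = "".join(reversed(nibbles))          # 32 hex digits, MSB first
        groups = [hexstr[i:i + 4] for i in range(0, 32, 4)]
        return ("ipv6", ipaddress.IPv6Address(":".join(groups)))
    return ("fqdn", ".".join(labels) + ".")   # a regular name, used as-is


def encode_gateway(gateway: Optional[Union[str, Address]]) -> str:
    """Inverse direction: the domain-name form of a gateway value."""
    if gateway is None:
        return "."
    if isinstance(gateway, (ipaddress.IPv4Address, ipaddress.IPv6Address)):
        return gateway.reverse_pointer + "."   # stdlib builds the reverse name
    return gateway if gateway.endswith(".") else gateway + "."


if __name__ == "__main__":
    # Constructed inputs: the four sample names from the message above.
    for gw in ("foo.bar.", "123.12.1.10.in-addr.arpa", "."):
        print(gw, "->", decode_gateway(gw))
```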



-
This is the IPSECKEY@sandelman.ca list.
Email to ipseckey-request@sandelman.ca to be removed.