Re: [IPSECKEY] Fwd: I-D ACTION:draft-richardson-ipsec-rr-01.txt
At 16:21 2003-01-21, Michael Richardson wrote:
>-----BEGIN PGP SIGNED MESSAGE-----
>
>
>major change is that the field list are unmoveable:
>
>3. IPSECKEY RDATA format
>
> The RDATA for an IPSECKEY RR consists of a precedence value, a public
> key (and algorithm type), and an optional gateway address.
>
>                      1 1 1 1 1 1 1 1 1 1 2 2 2 2 2 2 2 2 2 2 3 3
>  0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
> | gtype | algo | precedence | public key length |
> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
> | /
> / public key
> / /
> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-|
> ~ gateway ~
> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
>
>
>3.1 RDATA format - gateway type
>
> The gateway type ("gtype") field indicates the format of the gateway
> field. The gateway field may be absent.
>
> 0 No gateway field is present
>
> 1 A 32-bit IPv4 address is present in the gateway field, in section
>
> 2 A 128-bit IPv6 address is present in the gateway field. The data
> portion is an IPv6 address as described in section 3.2 of [4].
> This is a 128-bit number in network byte order.
>
> 3 A fully qualified domain name is present in the gateway field.
> The name is a <domain-name> encoded as described in section 3.3
> of [4]. This field occupies the space until the end of the RDATA.

This is much better than the old versions, but I think we can
address both your wishes for extendibility and the wishes of DNS people
to have a single "simple" format.

How about expressing the gateway field always as a domain name? The
following are valid domain names:

    foo.bar.                  ; regular Domain name
    123.12.1.10.in-addr.arpa  ; IPv4 address
    1.2.3.4.5.6.7.8.9.0.a.b.c.d.e.f.f.e.d.c.b.a.0.9.8.7.6.5.4.3.2.1.ip6.arpa.
                              ; IPv6 address
    .                         ; No gateway

The application needs to know how to extract the IPv4 and IPv6 addresses
from these domain names. This is not a problem for new address types, as
they will fail in name lookup.

This eliminates the gtype field, and the presentation format
only has to deal with a domain name.

Olafur
-
This is the IPSECKEY@sandelman.ca list.
Email to ipseckey-request@sandelman.ca to be removed.
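
The extraction step this proposal leaves to the application, as an added example (not code from the thread or from the draft). The function name `classify_gateway`, the usual reversed label order of in-addr.arpa and ip6.arpa, and the choice to treat malformed reverse-map names as ordinary domain names are assumptions.

```python
import ipaddress
import re

OCTET = re.compile(r"0|[1-9][0-9]{0,2}")   # decimal label, no leading zeros
NIBBLE = re.compile(r"[0-9a-f]")           # one hex digit per label

def classify_gateway(name):
    """Map a gateway written as a domain name to (kind, value).

    kind is "none", "ipv4", "ipv6" or "name". Anything that is not an
    exact, well-formed reverse-map name stays a plain domain name, so an
    unknown or malformed address form is never mistaken for an address.
    """
    if not name:
        raise ValueError("empty gateway name")
    if name == ".":
        return ("none", None)
    fqdn = name.lower().rstrip(".")
    labels = fqdn.split(".")
    # IPv4: exactly four octet labels under in-addr.arpa, least significant first.
    if len(labels) == 6 and labels[-2:] == ["in-addr", "arpa"]:
        octets = labels[:4]
        if all(OCTET.fullmatch(o) and int(o) <= 255 for o in octets):
            return ("ipv4", ipaddress.IPv4Address(".".join(reversed(octets))))
    # IPv6: exactly 32 nibble labels under ip6.arpa, least significant first.
    if len(labels) == 34 and labels[-2:] == ["ip6", "arpa"]:
        nibbles = labels[:32]
        if all(NIBBLE.fullmatch(n) for n in nibbles):
            value = int("".join(reversed(nibbles)), 16)
            return ("ipv6", ipaddress.IPv6Address(value))
    return ("name", fqdn + ".")

# The four names from the message, plus two constructed malformed ones.
SAMPLES = [
    "foo.bar.",
    "123.12.1.10.in-addr.arpa",
    "1.2.3.4.5.6.7.8.9.0.a.b.c.d.e.f.f.e.d.c.b.a.0.9.8.7.6.5.4.3.2.1.ip6.arpa.",
    ".",
    "999.12.1.10.in-addr.arpa.",   # constructed: octet out of range
    "1.10.in-addr.arpa.",          # constructed: too few labels
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample, "->", classify_gateway(sample))
```
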