
Re: [IPSECKEY] new draft revision (00b)



At 02:41 2003-04-05, Rob Austein wrote:
>At Tue, 01 Apr 2003 18:41:08 -0500, Michael Richardson wrote:
> >
> > So, the immediate address of the gateway indicates to the initiator where
> > to perform the IKE negotiation. It has no direct relationship to IDs used
> > within IKE.
> >
> > Olafur originally suggested the format that we have now. Perhaps he will
> > respond.
>
>If there was any further discussion on this, I didn't see it.
>
>Olafur?

The motivation for encoding the addresses as domain names is to keep the
record simpler for DNS servers and keep the extensibility without having
to register the format of a new field. The reason I suggested using the reverse
name as the domain name was to avoid any confusion with regular domain
names.
There is no problem having a tag field that explains how to interpret
the domain name if that is more palatable.
Something like:
         gateway type    domain name
         1               sentry.foo.example.     # FQDN
         2               123.93.123.98           # IP4
         3               2008.:efc::500          # IP6

will work just as well and keep the record smaller.

         Olafur

-
This is the IPSECKEY@sandelman.ca list.
Email to ipseckey-request@sandelman.ca to be removed.
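
The tagged gateway field proposed in the message above, as an added example that is not part of the original post or of the draft: a consumer interprets the gateway strictly by its type tag, so an address can never be confused with a regular domain name. The tag numbering (1 = FQDN, 2 = IP4, 3 = IP6) follows this message only, the hostname-style label rules and function names are assumptions, and the sample values are constructed.

```python
import ipaddress

# Gateway type tags as proposed in the message above (not a published registry).
FQDN, IP4, IP6 = 1, 2, 3


def _check_fqdn(text):
    """Return the name lower-cased if it is a syntactically valid absolute name."""
    if not text.endswith("."):
        raise ValueError("FQDN must be absolute (trailing dot)")
    labels = text[:-1].split(".")
    if len(text) > 254 or not all(labels):
        raise ValueError("bad name length or empty label")
    for label in labels:
        ok_chars = all(c.isascii() and (c.isalnum() or c == "-") for c in label)
        if len(label) > 63 or not ok_chars or label[0] == "-" or label[-1] == "-":
            raise ValueError(f"bad label: {label!r}")
    # A name made only of digits and dots could be mistaken for an address.
    if all(label.isdigit() for label in labels):
        raise ValueError("all-numeric name is ambiguous with an IPv4 address")
    return text.lower()


def parse_gateway(gw_type, text):
    """Interpret `text` strictly according to the tag; never guess the kind."""
    if gw_type == FQDN:
        return ("fqdn", _check_fqdn(text))
    if gw_type == IP4:
        return ("ip4", ipaddress.IPv4Address(text))
    if gw_type == IP6:
        return ("ip6", ipaddress.IPv6Address(text))
    raise ValueError(f"unknown gateway type {gw_type}")


# Constructed sample records (documentation address ranges), as (type, gateway).
SAMPLES = [(1, "sentry.foo.example."), (2, "192.0.2.38"), (3, "2001:db8::500"),
           (2, "sentry.foo.example."), (1, "192.0.2.38.")]

if __name__ == "__main__":
    for gw_type, text in SAMPLES:
        try:
            print(gw_type, text, "->", parse_gateway(gw_type, text))
        except ValueError as exc:
            print(gw_type, text, "-> rejected:", exc)
```

The last two constructed samples are rejected: a name under the IP4 tag, and an all-numeric name under the FQDN tag.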