
Re: [IPSECKEY] new draft revision (00b)



At Sat, 05 Apr 2003 17:36:52 -0500, Ólafur Guðmundsson wrote:
> 
> The motivation for encoding the addresses as domain names is to keep the
> record simpler for DNS servers and keep the extensibility without having
> to register format of a new field. The reason I suggested using the reverse
> name as the domain name was to avoid any confusion with regular domain
> names.

Maybe I'm missing something, but zone file parsers are going to
have to know about the IPSECKEY RDATA format in any case, and FQDNs,
IPv4 addresses, and IPv6 addresses are all RDATA fields that any such
parser is already going to know how to parse.  So I don't really see
the gain, except perhaps for something like a template-driven parser
that can't handle choices.  Is that what you meant?

> There is no problem having a tag field that explains how to interpret
> the domain name if that is more palatable.
> Something like:
>          gateway type    domain name
>          1               sentry.foo.example.     # FQDN
>          2               123.93.123.98           # IP4
>          3               2008.:efc::500          # IP6
> 
> will work just as well and keep the record smaller.

Sounds like we need to hear from implementors.  If Olafur's proposed
encoding above saves you some real effort, say that, so that we can
say so in the draft as justification for not having done the obvious
raw address encodings; if Olafur's proposed encoding doesn't help you
enough to be worth the risk that somebody will object to the encoding
trick while we're trying to push this through the mill, say that.

In either case, let's please try to wrap this up soon.
-
This is the IPSECKEY@sandelman.ca list.
Email to ipseckey-request@sandelman.ca to be removed.
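
The tagged gateway field discussed in this message, sketched as an added example that is not part of the original e-mail or of any IPSECKEY implementation: a parser dispatches on the type tag and emits raw octets for each of the three forms. The tag values 1/2/3 follow the quoted proposal; the function names and the sample addresses (documentation ranges) are assumptions made for illustration.

```python
import ipaddress

# Gateway type tags as listed in the quoted proposal (assumed here, not a registry).
GW_FQDN, GW_IPV4, GW_IPV6 = 1, 2, 3


def encode_name(name: str) -> bytes:
    """Encode an absolute domain name as uncompressed DNS wire-format labels."""
    if not name.endswith("."):
        raise ValueError("gateway name must be fully qualified")
    out = bytearray()
    for label in name[:-1].split("."):
        raw = label.encode("ascii")
        if not 1 <= len(raw) <= 63:
            raise ValueError(f"bad label length in {name!r}")
        out += bytes([len(raw)]) + raw
    out.append(0)  # terminating root label
    if len(out) > 255:
        raise ValueError("name longer than 255 octets")
    return bytes(out)


def encode_gateway(gw_type: int, text: str) -> bytes:
    """Dispatch on the tag and return the raw octets for the gateway field.

    A value that does not match its tag (for example an IPv6 literal under
    the IPv4 tag) raises ValueError instead of being guessed at.
    """
    if gw_type == GW_FQDN:
        return encode_name(text)
    if gw_type == GW_IPV4:
        return ipaddress.IPv4Address(text).packed  # 4 octets
    if gw_type == GW_IPV6:
        return ipaddress.IPv6Address(text).packed  # 16 octets
    raise ValueError(f"unknown gateway type {gw_type}")


if __name__ == "__main__":
    # Constructed sample records: (tag, presentation form)
    for tag, value in [(GW_FQDN, "sentry.foo.example."),
                       (GW_IPV4, "192.0.2.98"),
                       (GW_IPV6, "2001:db8::500")]:
        print(tag, value, encode_gateway(tag, value).hex())
```
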