[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [IPSECKEY] new draft revision (00b)
-----BEGIN PGP SIGNED MESSAGE-----
>>>>> "Rob" == Rob Austein <sra+ipseckey@hactrn.net> writes:
Rob> At Sun, 06 Apr 2003 22:50:24 -0400, Michael Richardson wrote:
>>
mundsson> There is no problem having a tag field that explains how to
mundsson> interpret the domain name if that is more palatable.
mundsson> Something like:
mundsson> gateway type domain name
mundsson> 1 sentry.foo.example. # FQDN
mundsson> 2 123.93.123.98 # IP4
mundsson> 3 2008.:efc::500 # IP6
>>
>> Here, I think that "123.93.123.98" is a string, correct?
Rob> I thought Olafur was proposing to encode an IP address as a DNS name.
His original suggestion was just that.
(Is the proper name for the wire-encode form: "DNS name"?)
I'm uncertain about his new suggestion. I'm specifically not certain how
to "wire-encode" an IPv6 name.
Rob> The issue is that Olafur's proposed encoding is not what one might
Rob> expect from the way that other RR types that carry DNS names or IP
Rob> addresses around are laid out. To me (with my chair hat off), the
Rob> "obvious" solution is what I listed earlier as option #3: a one byte
Rob> gateway type field, followed by either an FQDN or an adress, using the
Rob> same wire encodings for FQDNs and addresses that we use elsewhere in
Rob> the protocol (see the RDATA descriptions for PTR, A, and AAAA RRs).
Just tell me what to write :-)
To recap your recapping.
Options are now:
1) (add) byte to distinguish type.
wire-encode item: FQDN) as wire-encode FQDN.
IPv4) as D.C.B.A.in-addr.arpa. FQDN
IPv6) as blah.ip6.arpa. FQDN
2) byte to distinguish type.
FQDN) wire-encode item
IPv4) 4 bytes
IPv6) 16 bytes
3) byte to distinguish type. byte(?) to give length.
string: FQDN) as string format FQDN: "sentry.foo.example."
IPv4) "A.B.C.D"
IPv6) "2008:efc::500"
] ON HUMILITY: to err is human. To moo, bovine. | firewalls [
] Michael Richardson, Sandelman Software Works, Ottawa, ON |net architect[
] mcr@sandelman.ottawa.on.ca http://www.sandelman.ottawa.on.ca/ |device driver[
] panic("Just another Debian GNU/Linux using, kernel hacking, security guy"); [
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)
Comment: Finger me for keys
iQCVAwUBPpGXXIqHRg3pndX9AQGKKwQA6mkn2IEs8KmVtm/+xVTZHvcdwD9LF5V6
d9hdEwfukVMl/9QsgBU8uFTizZ0NBJJl0R2bDJcjC74yoShh5UIYlT1wAEHh8Ddi
70b/XPF9gmAhfz+j9e80bXQ4nUeCRz2Cbbsbspi6ySZwQgYK6VE7NcfJNqVIpGNP
hZvKZX1GSEU=
=mOOr
-----END PGP SIGNATURE-----
-
This is the IPSECKEY@sandelman.ca list.
Email to ipseckey-request@sandelman.ca to be removed.