[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [IPSECKEY] new draft revision (00b)



-----BEGIN PGP SIGNED MESSAGE-----


>>>>> "Rob" == Rob Austein <sra+ipseckey@hactrn.net> writes:
    Rob> At Sun, 06 Apr 2003 22:50:24 -0400, Michael Richardson wrote:
    >> 
    mundsson> There is no problem having a tag field that explains how to
    mundsson> interpret the domain name if that is more palatable.
    mundsson> Something like:
    mundsson> gateway type    domain name
    mundsson> 1               sentry.foo.example.     # FQDN
    mundsson> 2               123.93.123.98           # IP4
    mundsson> 3               2008.:efc::500          # IP6
    >> 
    >> Here, I think that "123.93.123.98" is a string, correct?

    Rob> I thought Olafur was proposing to encode an IP address as a DNS name.

  His original suggestion was just that.
  (Is the proper name for the wire-encode form: "DNS name"?)

  I'm uncertain about his new suggestion. I'm specifically not certain how
to "wire-encode" an IPv6 name.

    Rob> The issue is that Olafur's proposed encoding is not what one might
    Rob> expect from the way that other RR types that carry DNS names or IP
    Rob> addresses around are laid out.  To me (with my chair hat off), the
    Rob> "obvious" solution is what I listed earlier as option #3: a one byte
    Rob> gateway type field, followed by either an FQDN or an adress, using the
    Rob> same wire encodings for FQDNs and addresses that we use elsewhere in
    Rob> the protocol (see the RDATA descriptions for PTR, A, and AAAA RRs).

  Just tell me what to write :-)

  To recap your recapping. 

  Options are now:
  1) (add) byte to distinguish type.
     wire-encode item:	 FQDN) as wire-encode FQDN.
			 IPv4) as D.C.B.A.in-addr.arpa. FQDN
			 IPv6) as blah.ip6.arpa. FQDN

  2) byte to distinguish type.
     FQDN)   wire-encode item
     IPv4)   4 bytes
     IPv6)   16 bytes

  3) byte to distinguish type. byte(?) to give length.
     string:	 FQDN) as string format FQDN: "sentry.foo.example."
		 IPv4) "A.B.C.D"
		 IPv6) "2008:efc::500"

]       ON HUMILITY: to err is human. To moo, bovine.           |  firewalls  [
]   Michael Richardson, Sandelman Software Works, Ottawa, ON    |net architect[
] mcr@sandelman.ottawa.on.ca http://www.sandelman.ottawa.on.ca/ |device driver[
] panic("Just another Debian GNU/Linux using, kernel hacking, security guy"); [


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)
Comment: Finger me for keys

iQCVAwUBPpGXXIqHRg3pndX9AQGKKwQA6mkn2IEs8KmVtm/+xVTZHvcdwD9LF5V6
d9hdEwfukVMl/9QsgBU8uFTizZ0NBJJl0R2bDJcjC74yoShh5UIYlT1wAEHh8Ddi
70b/XPF9gmAhfz+j9e80bXQ4nUeCRz2Cbbsbspi6ySZwQgYK6VE7NcfJNqVIpGNP
hZvKZX1GSEU=
=mOOr
-----END PGP SIGNATURE-----
-
This is the IPSECKEY@sandelman.ca list.
Email to ipseckey-request@sandelman.ca to be removed.