[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [IPSECKEY] reverse map usage
-----BEGIN PGP SIGNED MESSAGE-----
>>>>> "Jakob" == Jakob Schlyter <jakob@rfc.se> writes:
>> Often a security gateway will only have access to the IP address to
>> which communication is desired. It will not know the forward name. As
>> such, it will frequently be the case that the IP address will be used
>> an index into the reverse map.
Jakob> what else could be used as an index into the reverse map?
1) one could use the IP address to find a PTR and the look for the key
in the forward map. This fails for a number of reasons, but it has been
suggested.
2) one could change the BSD sockets API to take forward names instead of
struct sockaddr_in, and therefore keep the forward name all the way.
3) HIP does something else, which I won't describe here.
Jakob> if nothing, that needs rewording I think.
As for rewording - I'm not sure how else to say it. Can you perhaps
help here?
] ON HUMILITY: to err is human. To moo, bovine. | firewalls [
] Michael Richardson, Xelerance Corporation, Ottawa, ON |net architect[
] mcr@xelerance.com http://www.sandelman.ottawa.on.ca/mcr/ |device driver[
] panic("Just another Debian GNU/Linux using, kernel hacking, security guy"); [
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (GNU/Linux)
Comment: Finger me for keys
iQCVAwUBQBk/M4qHRg3pndX9AQHkVgP8D3adDSwl2WlrfQMoNzrUu9O0JS7VWuwh
SozD5sW0vslkkdd49bfirBHxvzmDbDtTI9jO550gjVp/q9Uhxzk4YgR1yp40fQZa
FkZIAtKmeohQicpka1rk95UmD9ZiWgglnC9yj90CrUgUBrDUu4o1xGsd2JSlCckw
VoAeHXCNEhM=
=RAM3
-----END PGP SIGNATURE-----
-
This is the IPSECKEY@sandelman.ca list.
Email to ipseckey-request@sandelman.ca to be removed.