
Re: [IPSECKEY] reverse map usage





>>>>> "Jakob" == Jakob Schlyter <jakob@rfc.se> writes:
    >> Often a security gateway will only have access to the IP address to
    >> which communication is desired. It will not know the forward name. As
    >> such, it will frequently be the case that the IP address will be used
    >> as an index into the reverse map.

    Jakob> what else could be used as an index into the reverse map? 

  1) one could use the IP address to find a PTR and then look for the key
     in the forward map. This fails for a number of reasons, but it has been
     suggested. 

  2) one could change the BSD sockets API to take forward names instead of
     struct sockaddr_in, and therefore keep the forward name all the way.
     
  3) HIP does something else, which I won't describe here.

    Jakob> if nothing, that needs rewording I think.

  As for rewording - I'm not sure how else to say it. Can you perhaps
help here?

]       ON HUMILITY: to err is human. To moo, bovine.           |  firewalls  [
]   Michael Richardson,    Xelerance Corporation, Ottawa, ON    |net architect[
] mcr@xelerance.com      http://www.sandelman.ottawa.on.ca/mcr/ |device driver[
] panic("Just another Debian GNU/Linux using, kernel hacking, security guy"); [

  

-
This is the IPSECKEY@sandelman.ca list.
Email to ipseckey-request@sandelman.ca to be removed.