Re: [IPSECKEY] new draft revision (00b)
> -----BEGIN PGP SIGNED MESSAGE-----
>
>
> >>>>> "Rob" == Rob Austein <sra+ipseckey@hactrn.net> writes:
> Rob> At Sun, 06 Apr 2003 22:50:24 -0400, Michael Richardson wrote:
> >>
> mundsson> There is no problem having a tag field that explains how to
> mundsson> interpret the domain name if that is more palatable.
> mundsson> Something like:
> mundsson>   gateway type   domain name
> mundsson>   1              sentry.foo.example.   # FQDN
> mundsson>   2              123.93.123.98         # IP4
> mundsson>   3              2008.:efc::500        # IP6
> >>
> >> Here, I think that "123.93.123.98" is a string, correct?
>
> Rob> I thought Olafur was proposing to encode an IP address as a DNS name.
>
> His original suggestion was just that.
> (Is the proper name for the wire-encode form: "DNS name"?)
>
> I'm uncertain about his new suggestion. I'm specifically not certain how
> to "wire-encode" an IPv6 name.
>
> Rob> The issue is that Olafur's proposed encoding is not what one might
> Rob> expect from the way that other RR types that carry DNS names or IP
> Rob> addresses around are laid out. To me (with my chair hat off), the
> Rob> "obvious" solution is what I listed earlier as option #3: a one byte
> Rob> gateway type field, followed by either an FQDN or an address, using the
> Rob> same wire encodings for FQDNs and addresses that we use elsewhere in
> Rob> the protocol (see the RDATA descriptions for PTR, A, and AAAA RRs).
>
> Just tell me what to write :-)
>
> To recap your recapping.
>
> Options are now:
> 1) (add) byte to distinguish type.
>    wire-encode item: FQDN) as wire-encode FQDN.
>    IPv4) as D.C.B.A.in-addr.arpa. FQDN
>    IPv6) as blah.ip6.arpa. FQDN
>
> 2) byte to distinguish type.
>    FQDN) wire-encode item
>    IPv4) 4 bytes
>    IPv6) 16 bytes
Go with 2. This is a bicycle shed.
D.C.B.A.in-addr.arpa is a legal hostname as is blah.ip6.arpa
which rules 1 out.
Domainnames should be encoded in wire format to be consistent
with the rest of the DNS which rules out 3.
> 3) byte to distinguish type. byte(?) to give length.
>    string: FQDN) as string format FQDN: "sentry.foo.example."
>    IPv4) "A.B.C.D"
>    IPv6) "2008:efc::500"
> ] ON HUMILITY: to err is human. To moo, bovine. | firewalls [
> ] Michael Richardson, Sandelman Software Works, Ottawa, ON |net architect[
> ] mcr@sandelman.ottawa.on.ca http://www.sandelman.ottawa.on.ca/ |device driver[
> ] panic("Just another Debian GNU/Linux using, kernel hacking, security guy"); [
>
>
> -
> This is the IPSECKEY@sandelman.ca list.
> Email to ipseckey-request@sandelman.ca to be removed.
--
Mark Andrews, Internet Software Consortium
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: Mark.Andrews@isc.org
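
The option 2 layout recommended above (one type byte, then a wire-format FQDN, 4 bytes, or 16 bytes), as an added Python example that is not part of the thread or of any IPSECKEY draft. The type values 1/2/3 are taken from the tag table quoted above, their reuse for option 2 is an assumption, and the function names are hypothetical.

```python
import ipaddress

# Type values follow the tag table quoted in the thread (1 = FQDN, 2 = IPv4,
# 3 = IPv6); reusing them for the option 2 layout is an assumption.
GW_FQDN, GW_IP4, GW_IP6 = 1, 2, 3

def encode_name(fqdn):
    """Uncompressed DNS wire form: length-prefixed labels, then a zero octet."""
    out = b""
    for label in fqdn.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 1 <= len(raw) <= 63:
            raise ValueError("label must be 1..63 octets")
        out += bytes([len(raw)]) + raw
    out += b"\x00"
    if len(out) > 255:
        raise ValueError("name longer than 255 octets")
    return out

def encode_gateway(gw_type, value):
    if gw_type == GW_FQDN:
        return bytes([gw_type]) + encode_name(value)
    cls = {GW_IP4: ipaddress.IPv4Address, GW_IP6: ipaddress.IPv6Address}.get(gw_type)
    if cls is None:
        raise ValueError("unknown gateway type")
    return bytes([gw_type]) + cls(value).packed

def decode_gateway(buf):
    """Return (type, value, octets consumed); reject truncated or malformed input."""
    if not buf:
        raise ValueError("empty gateway field")
    gw_type, pos = buf[0], 1
    if gw_type in (GW_IP4, GW_IP6):
        size = 4 if gw_type == GW_IP4 else 16
        if len(buf) < pos + size:
            raise ValueError("truncated address")
        return gw_type, str(ipaddress.ip_address(buf[pos:pos + size])), pos + size
    if gw_type != GW_FQDN:
        raise ValueError("unknown gateway type")
    labels = []
    while pos < len(buf) and buf[pos] != 0:
        n = buf[pos]  # values above 63 would be compression pointers; refused here
        if n > 63 or pos + 1 + n > len(buf):
            raise ValueError("bad label length or compression pointer")
        labels.append(buf[pos + 1:pos + 1 + n].decode("ascii"))
        pos += 1 + n
    if pos >= len(buf):
        raise ValueError("truncated name: missing root label")
    return gw_type, ".".join(labels) + ".", pos + 1
```

Because the type byte fixes the length of an address and the name ends at its root label, the decoder reports how many octets it consumed, so whatever follows the gateway in the RDATA can be located without a separate length byte.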