
Re: [IPSECKEY] new draft revision (00b)




> >>>>> "Rob" == Rob Austein <sra+ipseckey@hactrn.net> writes:
>     Rob> At Sun, 06 Apr 2003 22:50:24 -0400, Michael Richardson wrote:
>     >> 
>     mundsson> There is no problem having a tag field that explains how to
>     mundsson> interpret the domain name if that is more palatable.
>     mundsson> Something like:
>     mundsson> gateway type    domain name
>     mundsson> 1               sentry.foo.example.     # FQDN
>     mundsson> 2               123.93.123.98           # IP4
>     mundsson> 3               2008.:efc::500          # IP6
>     >> 
>     >> Here, I think that "123.93.123.98" is a string, correct?
> 
>     Rob> I thought Olafur was proposing to encode an IP address as a DNS name.
> 
>   His original suggestion was just that.
>   (Is the proper name for the wire-encode form: "DNS name"?)
> 
>   I'm uncertain about his new suggestion. I'm specifically not certain how
> to "wire-encode" an IPv6 name.
> 
>     Rob> The issue is that Olafur's proposed encoding is not what one might
>     Rob> expect from the way that other RR types that carry DNS names or IP
>     Rob> addresses around are laid out.  To me (with my chair hat off), the
>     Rob> "obvious" solution is what I listed earlier as option #3: a one byte
>     Rob> gateway type field, followed by either an FQDN or an address, using the
>     Rob> same wire encodings for FQDNs and addresses that we use elsewhere in
>     Rob> the protocol (see the RDATA descriptions for PTR, A, and AAAA RRs).
> 
>   Just tell me what to write :-)
> 
>   To recap your recapping. 
> 
>   Options are now:
>   1) (add) byte to distinguish type.
>      wire-encode item:	 FQDN) as wire-encode FQDN.
> 			 IPv4) as D.C.B.A.in-addr.arpa. FQDN
> 			 IPv6) as blah.ip6.arpa. FQDN
> 
>   2) byte to distinguish type.
>      FQDN)   wire-encode item
>      IPv4)   4 bytes
>      IPv6)   16 bytes

	Go with 2.  This is a bicycle shed.

	D.C.B.A.in-addr.arpa is a legal hostname as is blah.ip6.arpa
	which rules 1 out.
	
	Domainnames should be encoded in wire format to be consistent
	with the rest of the DNS which rules out 3.

>   3) byte to distinguish type. byte(?) to give length.
>      string:	 FQDN) as string format FQDN: "sentry.foo.example."
> 		 IPv4) "A.B.C.D"
> 		 IPv6) "2008:efc::500"
> ]       ON HUMILITY: to err is human. To moo, bovine.           |  firewalls  [
> ]   Michael Richardson, Sandelman Software Works, Ottawa, ON    |net architect[
> ] mcr@sandelman.ottawa.on.ca http://www.sandelman.ottawa.on.ca/ |device driver[
> ] panic("Just another Debian GNU/Linux using, kernel hacking, security guy"); [
> 
> 
> -
> This is the IPSECKEY@sandelman.ca list.
> Email to ipseckey-request@sandelman.ca to be removed.
--
Mark Andrews, Internet Software Consortium
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: Mark.Andrews@isc.org
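
Option 2 from the recap above (a type byte, then a wire-encoded FQDN, 4 bytes, or 16 bytes), sketched as an added example that is not part of the original thread or of any draft text. The type codes 1/2/3 are taken from the table quoted in the thread and are an assumption here; the function names are hypothetical.

```python
import ipaddress

# Type codes from the table quoted in the thread; an assumption, not a registry.
GW_FQDN, GW_IPV4, GW_IPV6 = 1, 2, 3
ADDR = {GW_IPV4: (4, ipaddress.IPv4Address), GW_IPV6: (16, ipaddress.IPv6Address)}

def encode_name(fqdn):
    """Uncompressed DNS wire format: length-prefixed labels, then a zero byte."""
    out = b""
    for label in fqdn.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 1 <= len(raw) <= 63:
            raise ValueError("label must be 1..63 bytes")
        out += bytes([len(raw)]) + raw
    if len(out) + 1 > 255:
        raise ValueError("name exceeds 255 bytes")
    return out + b"\x00"

def encode_gateway(gw_type, value):
    if gw_type == GW_FQDN:
        return bytes([gw_type]) + encode_name(value)
    if gw_type in ADDR:
        return bytes([gw_type]) + ADDR[gw_type][1](value).packed
    raise ValueError("unknown gateway type")

def decode_gateway(buf):
    """Return (type, value, bytes consumed); reject truncated or malformed input."""
    if not buf:
        raise ValueError("empty gateway field")
    gw_type, pos = buf[0], 1
    if gw_type in ADDR:
        size, cls = ADDR[gw_type]
        if len(buf) < pos + size:
            raise ValueError("truncated address")
        return gw_type, str(cls(buf[pos:pos + size])), pos + size
    if gw_type != GW_FQDN:
        raise ValueError("unknown gateway type")
    labels = []
    while True:
        if pos >= len(buf):
            raise ValueError("truncated name")
        n, pos = buf[pos], pos + 1
        if n == 0:
            break
        # n > 63: pointer/reserved bits; otherwise overrun or name over 255 bytes
        if n > 63 or pos + n > min(len(buf), 255):
            raise ValueError("invalid or truncated label")
        labels.append(buf[pos:pos + n].decode("ascii"))
        pos += n
    return gw_type, ".".join(labels) + ".", pos
```

Because the type byte selects the interpretation, a name such as 98.123.93.123.in-addr.arpa. decodes as an FQDN (type 1) and is never mistaken for an address, which is the ambiguity raised against option 1.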