On Sat, 23 Mar 2002, Erik Nordmark wrote:
> But, that would imply that the receiver somehow being able to control
> who uses which of its IP addresses i.e. be able to ensure that the
> peers that want more secure operation get the secure-only address
> and vice-versa.
>
> Thus somehow the distinction between secure and non-secure destination
> addresses need to be encoded in what is stored in the DNS (and
> other places that translates "names" to IP addresses).
> That seems like a fair amount of change to other parts of the system.
> Do you have good ideas of how this can be done?

Practically this would probably require some algorithm in source/destination address selection I think. If DNS is not used, practically this would either mean some encoding in the address (but the "damage" would be limited to the subnet of nodes implementing ABK), or more or less educated guesses based on some heuristics.

-- 
Pekka Savola                 "Tell me of difficulties surmounted,
Netcore Oy                   not those you stumble over and fall"
Systems. Networks. Security.  -- Robert Jordan: A Crown of Swords

--------------------------------------------------------------------
IETF IPng Working Group Mailing List
IPng Home Page:                      http://playground.sun.com/ipng
FTP archive:                      ftp://playground.sun.com/pub/ipng
Direct all administrative requests to [EMAIL PROTECTED]
--------------------------------------------------------------------
