In message <[EMAIL PROTECTED]>, Derek Fawcus writes:
>On Tue, Jun 11, 2002 at 12:07:23PM -0700, Alain Durand wrote:
>>
>> The ICMP name lookup tells you who a node pretends to be,
>> not what its globally unique assigned name has been cryptographically
>> verified
>> You may or may not trust this information.
>> For local debugging purpose, it is valuable information, but it would
>> certainly raise major concerns if it were to be applied on the Internet.
>
>But surely you simply use the name returned to do a forward lookup and
>verify that the original address is one of those returned?
>
Precisely. The cryptographic signature is not magic; it's the
assertion of validity by the owner of the address space. How do you
know the owner is telling the truth?
--Steve Bellovin, http://www.research.att.com/~smb (me)
http://www.wilyhacker.com ("Firewalls" book)
--------------------------------------------------------------------
IETF IPng Working Group Mailing List
IPng Home Page: http://playground.sun.com/ipng
FTP archive: ftp://playground.sun.com/pub/ipng
Direct all administrative requests to [EMAIL PROTECTED]
--------------------------------------------------------------------
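
The forward-lookup check described in the thread above, as an added example that is not part of the original messages: take the name a node reported about itself, resolve it forward, and accept it only if the node's address is among the answers. The function names, the injectable `resolve` parameter and the sample zone (documentation prefix 2001:db8::/32) are assumptions made for illustration.

```python
import ipaddress
import socket

def system_resolver(name):
    """Forward lookup through the local resolver (used outside the demo)."""
    infos = socket.getaddrinfo(name, None, proto=socket.IPPROTO_TCP)
    return [info[4][0] for info in infos]

def forward_confirm(claimed_name, peer_addr, resolve=system_resolver):
    """Return (ok, reason) for a name that a node reported about itself."""
    # Drop any zone id ("%eth0") and compare parsed addresses, so different
    # textual spellings of the same IPv6 address still match.
    peer = ipaddress.ip_address(peer_addr.split("%")[0])
    try:
        answers = resolve(claimed_name)
    except OSError as exc:  # socket.gaierror is a subclass of OSError
        return False, f"forward lookup failed: {exc}"
    forward = set()
    for text in answers:
        try:
            forward.add(ipaddress.ip_address(text.split("%")[0]))
        except ValueError:
            continue  # ignore answers that are not addresses
    if peer in forward:
        return True, "address is in the forward records for the claimed name"
    return False, "claimed name does not resolve to the peer address"

# Constructed zone data for the demo, not real DNS records.
SAMPLE_ZONE = {
    "host1.example.net": ["2001:db8::1", "2001:db8:0:1::25"],
    "www.example.org": ["2001:db8:ffff::80"],
}

def sample_resolver(name):
    """Offline stand-in for a resolver, backed by SAMPLE_ZONE."""
    try:
        return SAMPLE_ZONE[name.rstrip(".").lower()]
    except KeyError:
        raise OSError("no such name") from None

if __name__ == "__main__":
    for name, addr in [
        ("host1.example.net", "2001:0db8:0000:0000:0000:0000:0000:0001"),
        ("www.example.org", "2001:db8::1"),  # node claims a name it does not hold
        ("nosuch.example.net", "2001:db8::1"),
    ]:
        print(name, addr, forward_confirm(name, addr, sample_resolver))
```

A passing result means only that whoever controls the forward zone for the claimed name lists that address; it is as trustworthy as the forward lookup itself.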