>> i may be asking a stupid question, but where do you get that private
>> key from? for instance, if a node responds with "www.ietf.org",
>> we could get a public key for www.ietf.org by KEY RR query, but
>> not the private key (it's on ietf.org authoritative server, and
>> is not accessible from outside).
>Presumably the device answering the ICMP request is the one named,
>and therefore knows the private key associated with its name.

no, the device answering ICMPv6 request is not named.
with the "type ipv6nodeinfo" directive, named will work like this:

- accept DNS query from a DNS client resolver.
- send NI query to the target address.
- receive NI response from the target.
- send DNS response to the original DNS client resolver.

since the NI query target can return arbitrary FQDN (like
"www.ietf.org") named does not have the private key.

client resolver ---------> named -------> the target
                DNS query        NI query
client resolver <--------- named <------- the target
                DNS response     NI response

itojun
--------------------------------------------------------------------
IETF IPng Working Group Mailing List
IPng Home Page: http://playground.sun.com/ipng
FTP archive: ftp://playground.sun.com/pub/ipng
Direct all administrative requests to [EMAIL PROTECTED]
--------------------------------------------------------------------