On Nov 29, 2011, at 5:39 PM, Nico Williams wrote:

> On Tue, Nov 29, 2011 at 7:31 PM, Paul Hoffman <[email protected]> wrote:
>> At this point, we are trying to state requirements. You have already run
>> full-force into proposed solutions.
>
> Looking at the sorts of solutions that might be in scope can help me
> understand the problem space by illustration, particularly when new
> [to me] terminology is used that confuses me. I'm proposing nothing
> in particular so much as illustrative concepts.

Noted.

>> On Nov 29, 2011, at 2:17 PM, Nico Williams wrote:
>>> As for nearest SG for a given administrative domain, well, I'm
>>> thinking of anycasting and multicasting, as well as SRV RRs.
>>
>> That's "discovery by looking around". I propose that a much simpler solution
>> is "discovery by listening for trusted parties to register with you their
>> information". That is, the introducer has a list of trusted gateways (which
>> might be other introducers), and it listens for them to tell it what
>> addresses they are responsible for and the policies that are associated with
>> them. There should also be a way for a gateway to ask an introducer what the
>> introducer knows about the gateway.
>
> I see. That makes sense, but you have to see the space of SGs or
> other "introducers" that you know about. They might multicast for you
> to discover them.

That's a push model; I would propose a pull model based on existing trust relationships. What do others think?

--Paul Hoffman

_______________________________________________
IPsec mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/ipsec
