See comments inline.

2009/12/23 孙崇伟 <[email protected]>:
>
>
> 2009/12/21 Frederic-Philippe Metz <[email protected]>
>>
>> Hi all,
>>
>> within the context of a centralized enrollment, I have some questions
>> about rules and functionalities:
>>
>> Section 3.6.1. figures out that for first time setup, the user queries
>> DNS on the overlay name and gets the address of a configuration
>> server. The configuration server is then contacted and a configuration
>> document is provided to the user, having the content of a bootstrap
>> node and an enrollment server. The configuration document is described
>> in section 10.1.
>>
>> Correct so far?
>>
>> But the user needs a certificate first. So Section 3.6.2 says that the
>> user performs a connection to the enrollment server (with username/pw)
>> to obtain a certificate (with node-id, etc.).
>>
>> Correct so far?
>>
>> In conflict to that, section 10.2. states that the address of the
>> enrollment server is found with a DNS query, not with the content of a
>> configuration document and, furthermore, the configuration document is
>> downloaded from enrollment server and the certificate, according to
>> section 10.3, is assigned by a credential-server.
>>
>> Please help me clarify this conflict.
>>
>> From my understanding by now, there is:
>>
>> 1. initially one server providing a configuration document, including
>> the bootstrap-nodes (and some other things for joining the overlay).
>> The address is resolved by querying the overlay name.
>
> In 10.1 (the second latest paragraph of page 110), the draft said: "this
> element represents the address of one of the bootstrap nodes. It has an
> attribute called "address" that represents the IP address". So there is no
> need to resolve the address by querying the overlay name.

Yes, I meant the server providing the config document. This name is resolved by DNS.

>>
>> 2. The user then queries the service name p2psip_enroll and gets the
>> address of an Enrollment server. The user performs a connection to get
>> a certificate (with node-id etc.). This certificate is assigned by the
>> enrollment server.
>
> Do you mean both the certification assignment and node-ID assignment are
> achieved by the enrollment server? Right?

Yes.

>>
>> 3. The user then joins the overlay with the given certificate.
>>
>> But this lacks some understanding of a credential-server and/or Rules
>> on the other elements/servers/functionalities.
>>
>> Regards,
>> frederic
>> _______________________________________________
>> P2PSIP mailing list
>> [email protected]
>> https://www.ietf.org/mailman/listinfo/p2psip
>
>
>
> --
> Sun Chongwei
> Mobile Life and New Media Lab
> Beijing University of Posts and Telecommunications
>
