-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 02/27/2011 05:15 PM, Bruce Lowekamp wrote: > On Sun, Feb 20, 2011 at 1:28 PM, Marc Petit-Huguenin <[email protected]> wrote:
[...] > > OK, so the Signature extension is mandatory to use multiple Node-IDs in > certificates. But the IceExtension still seems useless, as, thanks to the > Signature extension, we always know the Node-Id on each side of the Attach. > > >> I think the IceExtension would be needed for connection sharing, so >> since you said you're setting that aside for now, I agree. > > Also a client joining the overlay using a certificate with multiple Node-IDs, > using the procedure in the second bullet of section 3.2.1 will still have > problems. > > >> Assuming the Attach is using SignerIdentity, I don't see any problems >> with that, since the peer would know the node-id that the node is >> using. Clients that are using the mechanism described in the last paragraph of section 3.2.1 do not send Attach, so a peer would have to spy on the first message coming from the connection of this client to extract the Node-ID from the SignerIdentity and be able to add the connection to the connection table. - -- Marc Petit-Huguenin Personal email: [email protected] Professional email: [email protected] Blog: http://blog.marc.petit-huguenin.org -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) iEYEARECAAYFAk1rDlcACgkQ9RoMZyVa61dE/wCfadcwiQFAnaQuOGG6VxOphl+D Dk4AniSw21hHNXbDm/GM442x+nOB05Fe =6hrr -----END PGP SIGNATURE----- _______________________________________________ P2PSIP mailing list [email protected] https://www.ietf.org/mailman/listinfo/p2psip
