bert hubert spake unto us the following wisdom:
> I'm considering implementing something called Simple Packet Signing. The
> current plan is at http://ds9a.nl/sps/PLAN
<snip>
> For more rationale, see the URL. I would very much appreciate your input. Is
> this a wise idea? Are there better ways to achieve this, are people already
> working on this (besides IPSEC)? etc etc.
Sort of. Check out:
http://www.ietf.org/internet-drafts/draft-moskowitz-hip-04.txt
http://www.ietf.org/internet-drafts/draft-moskowitz-hip-arch-02.txt
http://www.ietf.org/internet-drafts/draft-moskowitz-hip-impl-01.txt
It goes a bit further even than what you are proposing (allowing
complete substitution of cryptographic ID for the host IP in most
circumstances), but it is a *very* good idea. I'm not sure I agree
with all the details at this stage, but the WG hasn't even been formed
yet, so there is a long way to go. :-)
The mailing list information and subscription form is at:
http://mail.freeswan.org/mailman/listinfo/hipsec
Ethan
--
If I've told you once, I've told you once
And once is all that you needed.
-- The Refreshments, "Carefree"