[pisa-src] r2429 - docs/protocol_spec/application.tex

  • From: Hanno Wirtz <Hanno.Wirtz@xxxxxxxxxxxxxxxxxxxxx>
  • To: pisa-src@xxxxxxxxxxxxx
  • Date: Thu, 27 Jan 2011 16:50:41 +0100

Author: wirtz
Date: Thu Jan 27 16:50:40 2011
New Revision: 2429

Log:
trustpoint and pairing

Modified:
   docs/protocol_spec/application.tex

Modified: docs/protocol_spec/application.tex
==============================================================================
--- docs/protocol_spec/application.tex  Thu Jan 27 15:16:10 2011        (r2428)
+++ docs/protocol_spec/application.tex  Thu Jan 27 16:50:40 2011        (r2429)
@@ -123,9 +123,15 @@
 Traffic that is generated by a native client and is intended for the Internet 
rather than for an endpoint in the PISA network needs to go through this 
trustpoint.
 To this end, a native client's default route (for destinations outside the 
PISA address space) points to the trustpoint, which is either his own access 
point at home or
 a trustpoint of/for a number of users provided by a company or university.
-At the trustpoint, this traffic is "unwrapped" and forwarded over the users 
own Internet connection to its original destination.
-
+At the trustpoint, traffic for the Internet is "unwrapped" and forwarded over 
the users own Internet connection to its original destination.
+Return traffic intended for the client is in turn encapsulated with the 
HIP/IPsec and PISA tunnel mechanisms and is sent to the client.
 
+Client and trustpoint need to know each other for the trustpoint to forward 
traffic towards the internet.
+For the client to "know" its trustpoint it needs to know its IPv4 address in 
the PISA address space and the HIT this IP resolves to.
+% ist das eigtl. korrekt ? kommt ja sehr auf die rolle des nutzers an, oder ?
+A client may only have one trustpoint, the trustpoint is thus added as the 
default route/gateway for any Internet-bound traffic
+For the trustpoint to only forward traffic by a trusted client, the HIT (and 
signed certificate) of this client needs to be known.
+This information is exchanged prior to the client requesting Internet-bound 
traffic during the \emph{pairing} of these devices.
 
 \item[Legacy router]
 
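Review bot: The added pairing paragraph makes the trustpoint's forwarding decision depend on "the HIT (and signed certificate) of this client" being known, but it does not say who signs that certificate, how the pairing exchange itself is authenticated, or what the trustpoint does with Internet-bound traffic from a HIT it has not paired with. Since this is the access-control rule for the user's Internet connection, state these points explicitly or add a \ref to the section that defines \emph{pairing}. The German comment line ("% ist das eigtl. korrekt ? ...") questions whether the one-trustpoint claim holds for every user role, so resolve it or keep it as an English TODO and soften "A client may only have one trustpoint" until it is settled. In "it needs to know its IPv4 address" the second "its" is ambiguous; presumably the trustpoint's address is meant, so name it. Smaller points: the "A client may only have one trustpoint, ..." sentence is a comma splice and lacks a final period, "the users own" should be "the user's own", and "towards the internet" should match the capitalised "Internet" used in the rest of the hunk.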
-- 
This is the pisa developer mailing list. Please also subscribe to the main pisa 
list at:
//www.freelists.org/list/pisa
