[pisa-src] r2430 - docs/protocol_spec/application.tex

  • From: Thomas Jansen <mithi@xxxxxxxxx>
  • To: pisa-src@xxxxxxxxxxxxx
  • Date: Thu, 27 Jan 2011 17:35:41 +0100

Author: tjansen
Date: Thu Jan 27 17:35:41 2011
New Revision: 2430

Log:
some clarifications for trustpoints/pairing

Modified:
   docs/protocol_spec/application.tex

Modified: docs/protocol_spec/application.tex
==============================================================================
--- docs/protocol_spec/application.tex  Thu Jan 27 16:50:40 2011        (r2429)
+++ docs/protocol_spec/application.tex  Thu Jan 27 17:35:41 2011        (r2430)
@@ -128,10 +128,30 @@
 
 Client and trustpoint need to know each other for the trustpoint to forward 
traffic towards the internet.
 For the client to "know" its trustpoint it needs to know its IPv4 address in 
the PISA address space and the HIT this IP resolves to.
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 % ist das eigtl. korrekt ? kommt ja sehr auf die rolle des nutzers an, oder ?
+%%%%%%%%%%%%%%%%%%%%%%%
+% TJ: Nicht ganz. Die IPv4-Adresse im PISA-Namesraum (d.h. eine virtuelle IP)
+% wird dem Client vom Server im Register Response mitgeteilt, die braucht vorab
+% nicht bekannt zu sein. Was wohl benötigt wird, ist die public IP des
+% Trustpoints. Die ist aber nicht im PISA Namensraum, sonder routbar im
+% Internet. Da der TP aber typischerweise per DSL und damit mit
+% nicht-statischer IP angebunden ist, muss hier mit DynDNS o.ä. gearbeitet
+% werden, Details dazu stehen noch aus.
+% In wie fern denn Rolle des Nutzers? Ein TP kann nur von einem Native Client
+% benutzt werden, was die Rolle des Nutzers ziemlich einschränkt.
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 A client may only have one trustpoint, the trustpoint is thus added as the 
default route/gateway for any Internet-bound traffic
 For the trustpoint to only forward traffic by a trusted client, the HIT (and 
signed certificate) of this client needs to be known.
 This information is exchanged prior to the client requesting Internet-bound 
traffic during the \emph{pairing} of these devices.
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+% TJ: Clients haben keine Zertifikate, nur Trustpoints (und Service Gateways).
+% Die Clients werden über ihre HIT eindeutig identifiziert. Im Pairing merkt
+% sich der TP dann, welche HITs sozusagen whitelisted sind.
+% Ein Client kann theoretisch mit mehreren TPs gepaired sein, es darf
+% allerdings nur eine aktive Relay-Verbindung geben, damit das Routing im
+% Client funktioniert.
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 
 \item[Legacy router]
 
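Review bot: the clarifications in this hunk live only in LaTeX comments and contradict the visible spec text, so a reader of the rendered document still gets the old, now-disputed statements. The comment after line 128 says the PISA-space IPv4 address is handed to the client in the Register Response and that what the client actually needs is the trustpoint's public, Internet-routable IP (with DynDNS or similar because of non-static DSL addresses), yet the prose above it still reads "it needs to know its IPv4 address in the PISA address space and the HIT this IP resolves to". Likewise the second comment states that clients have no certificates and that a client may be paired with several trustpoints with only one active relay connection, while the prose keeps "HIT (and signed certificate) of this client" and "A client may only have one trustpoint". Suggest updating the prose in the same commit rather than leaving the correction in comments: drop "(and signed certificate)", reword the one-trustpoint sentence to "only one active relay connection", and rewrite the address sentence around the trustpoint's public IP, marking the DynDNS mechanism as an open detail as the comment itself does; the "default route/gateway for any Internet-bound traffic" sentence is also missing its terminating period.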
-- 
This is the pisa developer mailing list. Please also subscribe to the main pisa 
list at:
//www.freelists.org/list/pisa
