[hipl-dev] [Bug 886509] Re: HIPv2: cryptoagility for DNS proxy

  • From: Paul Tötterman <886509@xxxxxxxxxxxxxxxxxx>
  • To: hipl-dev@xxxxxxxxxxxxx
  • Date: Sat, 28 Apr 2012 17:56:06 -0000

** Branch linked: lp:~ptman/hipl/cryptoagility

-- 
You received this bug notification because you are a member of HIPL core
team, which is subscribed to HIPL.
https://bugs.launchpad.net/bugs/886509

Title:
  HIPv2: cryptoagility for DNS proxy

Status in Host Identity Protocol for Linux:
  New

Bug description:
  HIPv2 requires some agility also in the DNS proxy. Let's have a look
  at an example.

  Remote host advertises its HIs with the following algorithms in DNS:
  * x
  * y
  * z

  But the local host supports only the following algos for its HITs:
  * y

  The result: when the DNS proxy of the local host looks up the remote
  HIs, it should return only the remote HIs with algo Y to maximize
  compatibility. In other words, the proxy filters out incompatible
  remote addresses.

  When the proxy does not find any compatible addresses, the result
  depends on local policy (i.e. command line argument to the proxy):
  either nothing gets returned or the proxy returns regular IP
  addresses.

  Feel free to comment, this is just my initial suggestion how to
  resolve this. I think we could have this feature already in HIPv1 even
  though it is not strictly speaking needed (but we do have multiple
  algos).

To manage notifications about this bug go to:
https://bugs.launchpad.net/hipl/+bug/886509/+subscriptions
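
The filtering and fallback policy proposed in the bug description, sketched as an added example (not HIPL code and not part of the original report). It assumes the "algos" x/y/z map to the PK algorithm field of the HIP DNS resource record (RDATA layout per RFC 8005: HIT length, PK algorithm, PK length, HIT, public key); all function names and the sample records are hypothetical and constructed.

```python
import ipaddress
import struct

def parse_hip_rdata(rdata):
    """Split HIP RR RDATA into (pk_algorithm, hit, public_key)."""
    if len(rdata) < 4:
        raise ValueError("RDATA shorter than the fixed header")
    hit_len, pk_alg, pk_len = struct.unpack("!BBH", rdata[:4])
    if len(rdata) < 4 + hit_len + pk_len:
        raise ValueError("RDATA truncated")
    hit = rdata[4:4 + hit_len]
    return pk_alg, hit, rdata[4 + hit_len:4 + hit_len + pk_len]

def filter_answers(hip_rdatas, ip_addrs, local_algs, fallback_to_ip):
    """Return HITs whose algorithm the local host supports, else apply policy."""
    compatible = []
    for rdata in hip_rdatas:
        try:
            pk_alg, hit, _pk = parse_hip_rdata(rdata)
        except ValueError:
            continue  # malformed record from DNS: never hand it to the application
        if pk_alg in local_algs and len(hit) == 16:
            compatible.append(str(ipaddress.IPv6Address(hit)))
    if compatible:
        return compatible
    # No compatible HI: local policy decides between an empty answer and plain IPs.
    return list(ip_addrs) if fallback_to_ip else []

# Constructed sample data: builds RDATA for a made-up HIT and a dummy key.
def make_rdata(pk_alg, hit_text, pk=b"\x01\x02\x03\x04"):
    hit = ipaddress.IPv6Address(hit_text).packed
    return struct.pack("!BBH", len(hit), pk_alg, len(pk)) + hit + pk

# Remote host advertises three algorithms (1=DSA, 2=RSA, 3=ECDSA) plus one
# truncated record; the address is from the documentation range.
REMOTE = [make_rdata(1, "2001:20::1"), make_rdata(2, "2001:20::2"),
          make_rdata(3, "2001:20::3"), b"\x10\x02"]
IPS = ["192.0.2.10"]

if __name__ == "__main__":
    print(filter_answers(REMOTE, IPS, {2}, fallback_to_ip=False))
    print(filter_answers(REMOTE, IPS, {4}, fallback_to_ip=False))
    print(filter_answers(REMOTE, IPS, {4}, fallback_to_ip=True))
```

With fallback enabled the application receives only regular IP addresses and connects without HIP, so returning nothing is the fail-closed setting of the two.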
