** Branch linked: lp:~ptman/hipl/cryptoagility -- You received this bug notification because you are a member of HIPL core team, which is subscribed to HIPL. https://bugs.launchpad.net/bugs/886509 Title: HIPv2: cryptoagility for DNS proxy Status in Host Identity Protocol for Linux: New Bug description: HIPv2 requires some agility also in the DNS proxy. Let's have a look at an example. Remote host advertises its HIs with the following algorithms in DNS: * x * y * z But the local host supports only the following algos for its HITs: * y The result: the DNS proxy of the local host looks up the remove HIs, it should return only the remote HIs with algo Y to maximize compatibility. In other words, the proxy filters out incompatible remote addresses. When the proxy does not find any compatible addresses, the results depends on local policy (i.e. command line argument to the proxy): either nothing gets returned or the proxy returns regular IP addresses. Feel free to comment, this is just my initial suggestion how to resolve this. I think we could have this feature already in HIPv1 even though it is not strictly speaking needed (but we do have multiple algos). To manage notifications about this bug go to: https://bugs.launchpad.net/hipl/+bug/886509/+subscriptions