Re: mobility

From: Sean Doran (smd@ab.use.net)
Date: Thu Apr 11 2002 - 16:43:26 EDT


| Furthermore, if the host ID is cryptographic in nature (e.g.
| a public key), it's even fairly easy to show that the update
| messages are not forged. Even further, if you use public keys,
| you can even *delegate* the right to send update messages...

One approach to this -- if memory serves, it originated with Ran Atkinson --
is to associate an IPSEC SA with INADDR_ANY, thus reducing the problem to
a decision on whether to use a properly decrypted incoming packet's
source address as a destination address for return traffic, or to
use some other "handle". In other words, the crypto key becomes
the topology-independent identifier -- there can be many per host --
and the trick is what to do about the topology-dependent address,
so that you can reach the SA who can decrypt the message.

Naturally, this is a flavour of the key-distribution problem.

        Sean.
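
The INADDR_ANY-bound SA idea from the message, as an added toy model (not code from the thread or from any IPsec implementation): the peer is identified by its key, and an incoming packet's source address becomes the return "handle" only if the packet verifies under that key. HMAC stands in for the SA's crypto, and the sequence-number check is an assumption added so a replayed packet cannot move the handle.

```python
import hashlib
import hmac
import struct
from dataclasses import dataclass
from typing import Dict, Optional

# Constructed toy: an SA bound to the wildcard address, so the peer is known by
# its key fingerprint (sa_id), not by whatever address it is currently at. The
# only mobility decision left is whether a verified packet's source address may
# be adopted as the topology-dependent address used for return traffic.

@dataclass
class WildcardSA:
    sa_id: bytes                   # topology-independent identifier (key fingerprint)
    key: bytes                     # SA keying material (a shared secret in this toy)
    locator: Optional[str] = None  # last verified topology-dependent address
    last_seq: int = 0              # replay window (assumed addition), so an old
                                   # packet resent from elsewhere cannot move us

def seal(key: bytes, sa_id: bytes, seq: int, payload: bytes) -> bytes:
    """Sender side: authenticate sa_id, sequence number and payload under the SA key."""
    return hmac.new(key, sa_id + struct.pack(">I", seq) + payload, hashlib.sha256).digest()

class MobilityTable:
    def __init__(self) -> None:
        self.by_id: Dict[bytes, WildcardSA] = {}

    def register(self, key: bytes) -> bytes:
        sa_id = hashlib.sha256(key).digest()[:8]
        self.by_id[sa_id] = WildcardSA(sa_id, key)
        return sa_id

    def inbound(self, src_addr: str, sa_id: bytes, seq: int,
                payload: bytes, tag: bytes) -> bool:
        """Verify a packet; only on success does src_addr become the return handle."""
        sa = self.by_id.get(sa_id)
        if sa is None:
            return False                      # unknown identifier: nothing to update
        if not hmac.compare_digest(seal(sa.key, sa_id, seq, payload), tag):
            return False                      # forged: locator stays as it was
        if seq <= sa.last_seq:
            return False                      # replayed: locator stays as it was
        sa.last_seq = seq
        sa.locator = src_addr                 # address learned only through the SA
        return True

    def return_destination(self, sa_id: bytes) -> Optional[str]:
        sa = self.by_id.get(sa_id)
        return sa.locator if sa else None
```

The address itself is never authenticated; what the check establishes is only that the holder of the SA key sent a fresh packet from it, which is exactly the "decrypted packet's source address as destination" decision the message describes.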



This archive was generated by hypermail 2b29 : Mon Aug 04 2003 - 04:10:04 EDT