[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Name canon/secure name service (Re: kink-09)

To: "KAMADA Ken'ichi" <kamada@xxxxxxxxxx>
Subject: Re: Name canon/secure name service (Re: kink-09)
From: Ken Raeburn <raeburn@xxxxxxx>
Date: Tue, 13 Sep 2005 14:02:41 -0400
Cc: ietf-kink@xxxxxxxx
In-reply-to: <>
List-archive: <http://www.vpnc.org/ietf-kink/mail-archive/>
List-id: <ietf-kink.vpnc.org>
List-unsubscribe: <mailto:ietf-kink-request@vpnc.org?body=unsubscribe>
References: <> <> <> <>
Sender: owner-ietf-kink@xxxxxxxxxxxxx

On Sep 13, 2005, at 06:14, KAMADA Ken'ichi wrote:

host->address was in my mind. Suppose an environment where the granularity of SA or principal is hosts. Two users are on sharedhost.example.com, which has 10.0.0.9. They wanted to be protected by KINK and typed somehost.good.example.com and anotherhost.bad.example.com respectively. And if, both hostnames were resolved to 10.0.0.1...
Then, what the KINK daemon on the sharedhost.example.com should do?
Which key should be used to protect the SAs between 10.0.0.9 and
10.0.0.1?

Ah, I see. Interesting... I'm not sure what to do about this case.

I don't think this is a KINK/Kerberos specific matter, though.

No, it isn't. How would a non-Kerberos IPsec deployment deal with such a case?

Ken

Follow-Ups:
- Re: Name canon/secure name service (Re: kink-09)
  - From: KAMADA Ken'ichi

References:
- kink-09
  - From: Ken Raeburn
- Name canon/secure name service (Re: kink-09)
  - From: KAMADA Ken'ichi
- Re: Name canon/secure name service (Re: kink-09)
  - From: Ken Raeburn
- Re: Name canon/secure name service (Re: kink-09)
  - From: KAMADA Ken'ichi

Prev by Date: Re: Name canon/secure name service (Re: kink-09)
Next by Date: Ticket and SA lifetime (Re: kink-09)
Previous by thread: Re: Name canon/secure name service (Re: kink-09)
Next by thread: Re: Name canon/secure name service (Re: kink-09)
Index(es):
- Date
- Thread