I'm considering implementing something called Simple Packet Signing. The
current plan is at http://ds9a.nl/sps/PLAN
"Ok, I have an itch to scratch. I have a laptop which travels a lot and
therefore has a very dynamic IP address. Even our home has a dynamic IP
address, within a certain range. I currently grant broad access to my
servers so that I am able to connect from all those IP addresses to ssh, to
open up my access lists, so I can ssh to the rest of the network.
Also, I am sometimes in a situation where I need to trust an IP address
which can be forged by lots of untrustworthy people. Everybody in the chain
from me to that server might be able to acquire my IP address, and thus
gain access to my servers!
Sometimes I just wish that I would be able to simply sign my packets, and
have my access lists recognise the signature, and accept my traffic."
For more rationale, see the URL. I would very much appreciate your input. Is
this a wise idea? Are there better ways to achieve this, are people already
working on this (besides IPSEC)? etc.