Received: (from majordomo@localhost)
	by oss.sgi.com (8.11.2/8.11.3) id f7LGKTN24895
	for netdev-outgoing; Tue, 21 Aug 2001 09:20:29 -0700
Received: from lust.cs.ohiou.edu (adsl-dynamic1-129.cleveland.oh.ameritech.net [64.108.88.129])
	by oss.sgi.com (8.11.2/8.11.3) with SMTP id f7LGKP924892
	for <netdev@oss.sgi.com>; Tue, 21 Aug 2001 09:20:25 -0700
Received: (from elb@localhost)
	by lust.cs.ohiou.edu (8.11.2/8.11.2) id f7LGKMf20892;
	Tue, 21 Aug 2001 12:20:22 -0400
X-Authentication-Warning: localhost.localdomain: elb set sender to eblanton@cs.ohiou.edu using -f
Date: Tue, 21 Aug 2001 12:20:22 -0400
From: Ethan Blanton <eblanton@cs.ohiou.edu>
To: bert hubert <ahu@ds9a.nl>
Cc: netdev@oss.sgi.com
Subject: Re: Simple Packet Signing
Message-ID: <20010821122022.A20737@localhost.localdomain>
Mail-Followup-To: bert hubert <ahu@ds9a.nl>, netdev@oss.sgi.com
References: <20010821180553.A21415@fork.powerdns.com>
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1;
	protocol="application/pgp-signature"; boundary="ibTvN161/egqYuK8"
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: <20010821180553.A21415@fork.powerdns.com>; from ahu@ds9a.nl on Tue, Aug 21, 2001 at 06:05:53PM +0200
X-Operating-System: Linux
X-GnuPG-Fingerprint: A290 14A8 C682 5C88 AE51  4787 AFD9 00F4 883C 1C14
Sender: owner-netdev@oss.sgi.com
Precedence: bulk
Content-Length: 1625
Lines: 55


--ibTvN161/egqYuK8
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

bert hubert spake unto us the following wisdom:
> I'm considering implementing something called Simple Packet Signing. The
> current plan is at http://ds9a.nl/sps/PLAN

<snip>

> For more rationale, see the URL. I would very much appreciate your input.=
 Is
> this a wise idea? Are there better ways to achieve this, are people alrea=
dy
> working on this (besides IPSEC)? etc et.

Sort of.  Check out:

http://www.ietf.org/internet-drafts/draft-moskowitz-hip-04.txt
http://www.ietf.org/internet-drafts/draft-moskowitz-hip-arch-02.txt
http://www.ietf.org/internet-drafts/draft-moskowitz-hip-impl-01.txt

It goes a bit further even than what you are proposing (allowing
complete substitution of crypotgraphic ID for the host IP in most
circumstances), but it is a *very* good idea.  I'm not sure I agree
with all the details at this stage, but the WG hasn't even been formed
yet, so there is a long way to go.  :-)

The mailing list information and subscription form is at:

http://mail.freeswan.org/mailman/listinfo/hipsec

Ethan

--=20
If I've told you once, I've told you once
And once is all that you needed.
		-- The Refreshments, "Carefree"

--ibTvN161/egqYuK8
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE7gopGr9kA9Ig8HBQRAhssAJ0edw89V8InpfmjYDFOnowhGNlVOwCeKa69
RuVriGx65WRgfRWj+dqfTBI=
=/8cO
-----END PGP SIGNATURE-----

--ibTvN161/egqYuK8--