Rob Townley wrote:
On Wed, Aug 27, 2008 at 9:50 PM, Robert Moskowitz <[EMAIL PROTECTED]> wrote:



    Rob Townley wrote:

        On Wed, Aug 27, 2008 at 8:24 AM, Robert Moskowitz
        <[EMAIL PROTECTED]> wrote:

           Um, as the original poster, I WANT IPv6.  Not make IPv4 lookups
           faster by ignoring AAAA records.

           Further testing has IPv6 working just fine.  Thing is when I
           enable the HIP API intercepts, Firefox does not work.  Like they
           are doing something 'non-standard' with the regular TCP socket API
           so that HIP can't slide in there.  I tried disabling a number of
           options, thinking it might be some security setting, but if it is,
           I have not found it.


        Yep, I fully understood you wanted IPv6.  I just thought you
        might want to verify what settings you have for Firefox --
        making sure Firefox has turned on IPv6 DNS.

    Default was on.

        Just curious, what is the motivation for the HIP api stuff, it
        is not there by default is it?

    read the RFCs on HIP:  4423 and 5201-5206.

    4423 provides the justification of HIP and its architecture.  I
    created HIP almost 10 years ago, shortly after I (as IPsec co-chair)
    got the IPsec RFCs out.  HIP is much more than an alternative
    keying protocol for ESP (compared to IKE).  It directly addresses
    secure mobility.  HIP **IS** an important change to the TCP/IP
    architecture; this has been part of its slow advancement.  As such
    it has its own 'native' API:
     http://www.ietf.org/internet-drafts/draft-ietf-hip-native-api-05.txt.

    I can go into more about HIP if you wish.


So HIP isn't in any distribution by default or is it?

No, but Ericsson just released their FreeBSD implementation: http://www.hip4inter.net/download/download.php

And Boeing has their Vista and I think NetBSD code base.

HIPL is available for FC8 and Ubuntu and I think Suse. I saw it running on the Nokia N810 when I was in Helsinki earlier this month.

How does one know?

Our goal is to move HIP from Experimental to Standards track in the IETF at the November session. From there it may well be that HIP could be in Centos 6.0. But that is a long shot.

Would it make sense to include HIP in a Wireless Access Point firmware or a RADIUS type machine?

As a better security protocol to run RADIUS through between the AP and the Radius server? YES!

Looks interesting, will have to keep it in mind for wlan sec.

Just remember that it is NOT a tunneling keying protocol. It runs ESP in Transport mode, even if you are using BEET ESP mode. You can run a tunneling protocol within it. I am working on that....

HIP is NOT a VPN alternative.  It is really host-to-host security.

