On 6/25/20 3:29 PM, Erik Nygren wrote:
> One quick comment is that binding tokens to IP addresses is strongly
> counter-recommended.
> It doesn't survive NATs or proxies, mobility, and it is especially
> problematic in IPv6+IPv4 dual-stack environments.

There's been a bunch of past work done developing similar sorts of
protocols, and for what it's worth I wrote up a mechanism for
using address tags and address rewrites, but unfortunately Cisco
decided to patent it.  Anyway, there are ways of dealing with this
problem that don't require binding the address to the token ("all
technical problems can be solved by introducing a layer of
indirection").

Melinda

-- 
Melinda Shore
melinda.sh...@nomountain.net

Software longa, hardware brevis

_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls