W3C home > Mailing lists > Public > public-xg-webid@w3.org > February 2011

Re: WebID-ISSUE-32 (nodns_webid): URIs with IP addresses and security [WebID Spec]

From: Peter Williams <home_pw@msn.com>
Date: Tue, 15 Feb 2011 08:27:54 -0800
Message-ID: <BLU0-SMTP34CFF376D5EB98CD92634A92D30@phx.gbl>
CC: "public-xg-webid@w3.org" <public-xg-webid@w3.org>
To: WebID Incubator Group WG <public-xg-webid@w3.org>
Let's note that IPSec secures ip addresses - making no assumptions on dns.

Let's note that https works today globally with endpoints (and supporting certs) using ip address identifiers (rather than dns)

Let's note that most home computers get an ip address that is registered in the home router, but typically in no dns zone. 

I'll investigate whether commodity home routers in modems and wifi bridges respond to reverse dns reqs, given ip address. One has to distinguish between ipv6 discovery and name registration, here, since ipv6 changes the game considerably.




On Feb 15, 2011, at 4:49 AM, WebID Incubator Group Issue Tracker <sysbot+tracker@w3.org> wrote:

> 
> WebID-ISSUE-32 (nodns_webid): URIs with IP addresses and security [WebID Spec]
> 
> http://www.w3.org/2005/Incubator/webid/track/issues/32
> 
> Raised by: Henry Story
> On product: WebID Spec
> 
> A URL need not contain a domain name, and so need not be tied to DNS. For example:
> 
>   http://29.45.62.12/peter#me
> or
>    https://29.45.62.12/peter#me
> 
> What are the advantages?
>  - Does it really bypass DNS?  Does anyone ever get an IP address without a domain name? 
> 
> But how would security for such URLs work? 
> 
> If we think of pure https URLs the following questions arise
> 
>  - Do CAs certify IP addresses?
>  - The advantage of placing public keys in DNSSEC with DANE would be lost
> 
> So would this require a completely new way of securing the IP address?
> 
> 
> 
> 
Received on Tuesday, 15 February 2011 16:28:24 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 21:06:22 UTC