Note on (not) generic AFI/SAFI.

svn path=/openssl/README; revision=27
author: Rob Austein <sra@hactrn.net> 2006-07-20 19:56:20 +0000
committer: Rob Austein <sra@hactrn.net> 2006-07-20 19:56:20 +0000
commit: 53025c43030ad66f05c497190e6ac491c79ef3c0 (patch)
tree: 42f85285e40ba89797bb21c6e1a4163b32540438 /openssl
parent: 2d98fe3f5c72c4023226c508a13bf37094268ec6 (diff)
1 files changed, 17 insertions, 0 deletions
diff --git a/openssl/README b/openssl/README
index 61d88c62..c650cbd5 100644
--- a/openssl/README
+++ b/openssl/README
@@ -296,3 +296,20 @@ already in canonical form please leave it alone"?
 
 util/mkstack.pl finds DECLARE_STACK_OF() declarations and generates
 safestack definitions automatically.  Be afraid.  Be very very afraid.
+
+
+
+Upon closer examination of RFC 3779, it's not possible to do a
+completely general handler for unknown AFIs, because it's the AFI that
+tells one that maximum length of an address (which in turn is required
+for certain operations, eg, canonization).
+
+So I guess we end up with:
+
+a) IPv4:foo, IPv4-SAFI:foo, IPv6:foo, IPv6-SAFI:foo (or something like
+   that -- perhaps encode SAFI names too, eg IPv4-Unicast:foo), and
+
+b) A table of known AFIs telling us the length of an address for that
+   AFI.  For the moment I'm probably not going to bother filling that
+   in for anything but IPv4 and IPv6, but having the mechanism in
+   place for other AFIs seems harmless.
author	Rob Austein <sra@hactrn.net>	2006-07-20 19:56:20 +0000
committer	Rob Austein <sra@hactrn.net>	2006-07-20 19:56:20 +0000
commit	53025c43030ad66f05c497190e6ac491c79ef3c0 (patch)
tree	42f85285e40ba89797bb21c6e1a4163b32540438 /openssl
parent	2d98fe3f5c72c4023226c508a13bf37094268ec6 (diff)