Re: AI_SECURE_CANONNAME, AI_CANONNAME_SEARCH_* (Re: getaddrinfo() and se

Jun-ichiro itojun Hagino wrote:
> > > > I've recently concluded that we need an extension to getaddrinfo() along
> > > > these lines, but I'm looking for somewhat tighter and more generic
> > > > semantics.
> > > >
> > > > My proposal is to add an AI_SECURE_CANONNAME flag with the following
> > > > semantics:
> > > >         
> > >     do not try to implement policy into applications.  you will end up
> > >     forced to (?) rewrite every existing applications.
> > >   
> > >       
> > perhaps, but having the policy be application-independent doesn't make
> > sense either.
> >     
> >      it can be application-specific, without application modification.
> >      check out "systrace" by Niels Provos.
> >     
it's useful but it really isn't flexible enough to remove the need for
applications to be able to specify policies.

Keith


_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/ietf