> >> I've recently concluded that we need an extension to getaddrinfo() along
> >> these lines, but I'm looking for somewhat tighter and more generic
> >> semantics.
> >>
> >> My proposal is to add an AI_SECURE_CANONNAME flag with the following
> >> semantics:
> >
> > do not try to implement policy into applications. you will end up
> > forced to (?) rewrite every existing application.
> >
> perhaps, but having the policy be application-independent doesn't make
> sense either.

it can be application-specific, without application modification.
check out "systrace" by Niels Provos.

itojun

_______________________________________________
Ietf@xxxxxxxx
https://www1.ietf.org/mailman/listinfo/ietf