[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: IPsec near term work

To: Steve Kent <kent@BBN.COM>
Subject: Re: IPsec near term work
From: "Perry E. Metzger" <pmetzger@lehman.com>
Date: Thu, 03 Feb 1994 10:29:44 -0500
Cc: ipsec@ans.net
In-Reply-To: Your message of "Thu, 03 Feb 1994 09:49:16 EST." <199402031451.JAA17828@lehman.com>
Reply-To: pmetzger@lehman.com


Steve Kent says:
> Perry,
> 
> 	Since the PGP web does not have notions of names comparable in
> structure to DNs, and no name subordinatin rule, it might be more
> accurate to say that a user could manually configure and manage his
> web to mimic the PEM hierarchy, but his software could not do this
> for him automatically because it lacks the features described above.
> Also, because PGP has no CL facility, the result also would not be
> comparable to the PEM system, so I think it potentially misleading to
> characterize the PEM model as a strict subset of the PGP model.

Actually, I'm more refering to the "web of trust" model than to PGP's
implementation of that model. PGP is just one possible way to
implement this model, and it lacks support for large scale use of the
model -- but that does not mean that the model could not be
implemented in a scalable way, and indeed I suspect that it would
scale if this was made an objective of the design. I see no reason why
software couldn't be set up to mimic the PEM heirarchy automatically
were this considered a desirable feature -- as a sanity check, lets
all remember that at least in theory computers can do anything humans
can.

Perry

Follow-Ups:

Re: IPsec near term work

From: Steve Kent <kent@BBN.COM>

Prev by Date: Re: >IPSEC Charter - New Dra
Next by Date: Re: IPsec near term work
Prev by thread: Re: IPsec near term work
Next by thread: Re: IPsec near term work
Index(es):
- Main
- Thread