[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: IPsec near term work

To: Steve Kent <kent@BBN.COM>
Subject: Re: IPsec near term work
From: Derek Atkins <warlord@MIT.EDU>
Date: Thu, 03 Feb 94 14:58:33 EST
Cc: pmetzger@lehman.com, ipsec@ans.net
In-Reply-To: Your message of Thu, 03 Feb 94 09:49:16 -0500. <199402031451.AA24194@interlock.ans.net>

Steve:

One of the ideas is that anonymity should be available.  The fact that
there is a name on an key doesn't mean anything unless you have a
proper certification on that name...  Also, in this case, the lack of
a name subordination rule is a big win.  I can think of a number of
cases where this model wins highly over a strict CA hierarchy.  If you
want, I can explain one posibility, but I won't belabor the point
unless people want to hear it.

> Also, because PGP has no CL facility, the result also would not be
> comparable to the PEM system, so I think it potentially misleading to
> characterize the PEM model as a strict subset of the PGP model.

Well, besides the fact that we are discussing the Web-of-trust, not
"PGP" (PGP is a program that implements a cryptographic protocol and a
web-of-trust certification model), I was wondering what you mean by
"CL".. I couldn't find this term in any of the RFC's, and I don't know
what you mean by this.  Are you talking about a Revocation?  Please
expand the acronym "CL", if you don't mind.

-derek

Follow-Ups:

Re: IPsec near term work

From: Steve Kent <kent@BBN.COM>

References:

Re: IPsec near term work

From: Steve Kent <kent@BBN.COM>

Prev by Date: Re: Emphasizing Key Mgmt
Next by Date: Re: Emphasizing Key Mgmt
Prev by thread: Re: IPsec near term work
Next by thread: Re: IPsec near term work
Index(es):
- Main
- Thread