
Re: SIPP and SKIP. 2 subjects.



Ashar,

	While I certainly agree about the problems of establishing an
infrastructure, let me observe that we will almost certainly have
multiple certificate systems in place among the (hopefully) wide range
of prospective users of IPSP.  For example, while a certificate signed
with RSA and containing a D-H public key is one reasonable candidate,
the DoD is establishing a certificate system in which there are
certificates signed by the DSS and containing a KEA public key (plus a
DSS public key for signing).  So, there are at least two obvious
certificate systems that could be widely deployed and which use
different key exchange algorithms.  Thus some means of specifying what
algorithms are being used, even if they cannot be "negotiated," seems
like an essential aspect of the security association establishment
protocol.

Steve

