
Re: key management



>I agree with number 2, we need to pick a certificate format.  However, I 
>think that certificates to support IPSP should contain host names, not user 
>names.

I disagree. One big application I have in mind for IPSP is to support
mobile/portable users operating from temporary IP addresses, e.g.,
from the IETF terminal room. As long as you have the secret RSA (or
DSS) key that corresponds to the public key already on file with your
security gateway back at work, you can puncture your company's
firewall and gain complete logical IP connectivity in a secure fashion
from any IP address you happen to be using.

In this situation it makes a lot of sense for the keys in the IPSP
gateway to have the names of your users on them.

Phil


