
Re: key management



>From: perry@imsi.com (Perry E. Metzger)
>From ipsec-request@ans.net Tue Dec 13 08:17:53 1994
>     2) All but SKIP lack clearly articulated key certificates (and SKIP's
>        seem to be X.509 based, which is probably non-optimal)

Perry,

The reason I picked X.509 was that there was precedence in IETF
protocols (PEM) for using that certificate encoding format.

If there are specific issues/deficiencies using the X.509 approach
which may be fixed using some alternative scheme, I would like
to learn of that and would be happy to incorporate any such
suggestions into the draft.

> (I'm also a bit concerned that SKIP would need
>some alteration to handle user level keying.)

The way I see it is that this is primarily a naming/certificate management
issue. I don't think that the basic SKIP protocol would need to be modified
to handle user level keying. Additional wording would be needed to
identify per user certificates/SAIDs. However, the only reason
this alteration would be needed to the certificate management section
of SKIP is because the SKIP draft talks about certificate management,
while the other proposals have so far punted on this issue.

Ashar.