[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: key management

To: carrel@cisco.com
Subject: Re: key management
From: Phil Karn <karn@qualcomm.com>
Date: Thu, 15 Dec 1994 20:01:37 -0800
Cc: housley@spyrus.com, ipsec@ans.net
In-Reply-To: <199412142131.NAA01395@large.cisco.com> (message from David Carrel on Wed, 14 Dec 1994 13:31:38 -0800)

>you're right that for many situations a "user" certificate is what's
>appropriate.  But for some situations an IP address or host-name
>certificate is more appropriate.  There is nothing that precludes us from
>using both.  Let's not limit ourselves to using only one.

Absolutely not. I've left the "ownership" of a certificate completely
arbitrary. That certainly seems to cover all the bases.

More specifically, for expediency and also because I like it, I'm
using the existing PGP public key infrastructure. The convention there
is that keys are owned by people who identify themselves with email
addresses, but absolutely nothing in PGP enforces this -- user IDs can
be arbitrary text strings with any meaning you choose to give them.

Phil

References:

Re: key management

From: David Carrel <carrel@cisco.com>

Prev by Date: Re: Clogging attacks on SKIP
Next by Date: News item from Edupage...
Prev by thread: Re: key management
Next by thread: Re[2]: key management
Index(es):
- Main
- Thread