
Re: Nodes and Users



> From: "Perry E. Metzger" <perry@piermont.com>
> Bill has expressed to me in private mail that he thinks that the
> question of certificates, certificate formats and naming can wait, but
> frankly I don't think it can because we don't have a usable system
> without it.
>
I firmly disagree.  The _usable_ system is Photuris with names and
secrets, using only MD5 and DES, which can leverage off the current
installed base.  This fills exactly the same needs as the AH and ESP
base requirements.

As an intermediate step, PGP certificates are likely to be used.

Waiting for DNS-SIG, X.509 (3 versions), and other certificate
distribution is not my idea of a usable system.  Maybe in 2001.

I am not in favor of holding up a mechanism that is _better_ than
manually distributed names and secrets for session-keys, in order to
argue the details of a more complicated long-term identification
distribution mechanism.

That is why the certificates are in a separate extensions document.
It will probably be argued yet another year....

Bill.Simpson@um.cc.umich.edu
          Key fingerprint =  2E 07 23 03 C5 62 70 D3  59 B1 4F 5E 1D C2 C1 A2

