
Re: editorial on Photuris




>   It is legitimate for folks in the IPsec WG to work on adding X.509
> support as extensions to the various key mgmt proposals.  However, in
> my view the burden of producing the specific text changes desired for
> such X.509 support is on those folks who wish to use X.509.  If the

  The primary situation I see where X.509 certificates would be used would be
when integrating with a GSSAPI that used X.509 certificates (e.g. Entrust). 
  In this case, the key management would be taken care of by the GSSAPI 
already. (And may not even allow one access to the keying routines. I am 
about to look and see if it is even possible to deal with out of order 
encrypted packets!)
  I would envision GSSAPIs being selected at the ESP/AH level, not at the
keying layer.




