[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Comments on "Hybrid Auth. mode for IKE"

To: ipsec@tis.com
Subject: Re: Comments on "Hybrid Auth. mode for IKE"
From: "Michael C. Richardson" <mcr@sandelman.ottawa.on.ca>
Date: Mon, 03 Aug 1998 06:11:38 -0400
In-reply-to: Your message of "Mon, 03 Aug 1998 15:05:52 EDT." <v03110700b1e2448c6f64@[128.89.0.110]>
Sender: owner-ipsec@ex.tis.com


>>>>> "Stephen" == Stephen Kent <kent@bbn.com> writes:
    Stephen> IPsec, period.  My goal is to not degrade the minimum quality of
    Stephen> security service offered by the use of IPsec.  Hopefully there
    Stephen> may be a way to satosfy both goals, but I am not prepared to
    Stephen> backoff on mine in the name of "market demands, legacy systems,
    Stephen> etc."

  So long as the market provides a superset of what you need, and provides
knobs for the policy controls, shouldn't you be able to do what you want?

  [It would also be nice for all vendors on a particular platform to provide
a way (an API) to subsitute a different certificate validation function so
that  PKIX name constraints could be introduced into products that don't
understand the extensions, but that is something perhaps for PKIX to
standardize] 

   :!mcr!:            |  Network and security consulting/contract programming
   Michael Richardson |         Firewalls, TCP/IP and Unix administration
 Personal: <A HREF="http://www.sandelman.ottawa.on.ca/People/Michael_Richardson/Bio.html">mcr@sandelman.ottawa.on.ca</A>. PGP key available.
 Corporate: <A HREF="http://www.sandelman.ottawa.on.ca/SSW/">sales@sandelman.ottawa.on.ca</A>. 
	ON HUMILITY: To err is human, to moo bovine.

References:

Re: Comments on "Hybrid Auth. mode for IKE"

From: Stephen Kent <kent@bbn.com>

Next by Date: an inbound SPD-check question
Next by thread: Re: an inbound SPD-check question
Index(es):
- Main
- Thread