[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: comments on draft-ietf-ipsec-pki-req-01.txt - alternate names



At 08:11 10/09/98 -0400, you wrote:

>So a random packet from an illegitimate address identified with 
>a certificate from example.com (a defined-to-be-invalid domain) is fine?

Do you trust the CA that signed the certificate? Is the certificate
still valid?
If you answer both questions with "yes", it is fine.

>So the actual identity and the sanity of that identity are irrelevant?

You don't check the "sanity of that identity". The CA should do.
You just check the sanity of the CA.

Jörn Sierwald




Follow-Ups: References: