[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: comments on draft-ietf-ipsec-pki-req-01.txt - alternate names

To: Dave Mason <dmason@tis.com>
Subject: Re: comments on draft-ietf-ipsec-pki-req-01.txt - alternate names
From: Rodney Thayer <rodney@tillerman.nu>
Date: Mon, 14 Sep 1998 12:48:47 -0400
Cc: ipsec@tis.com, rodney@tillerman.nu
In-Reply-To: <199809141642.MAA25689@rubicon.rv.tis.com>
Sender: owner-ipsec@ex.tis.com

argh.  I didn't mean to prohibit that.

I myself don't like sending chains but I'm not trying to have that debate
over this document.

I'll think about how I worded things and come up with something less vague.

At 12:42 PM 9/14/98 -0400, you wrote:
>>>
>>>Could you change the wording of the third paragraph of section 3.2 to say:
>>>
>>>A root signing certificate
>>>  ^^^^
>>
>>No.  If it's not at the top of the hierarchy then it's not a root.
>>Been there, got that wrong.  You might not like my mandating 8 layers, and
>>that's fine, but
>>I am positive we'll need to deal with more than one-layer hierarchies.
>
>Without the "root" specification, this paragraph (as well as the last
>sentence of the second paragraph in section 3.3) precludes the sending
>of certificate chains via IKE (which is fine with me since the proper
>handling of chains received via IKE is not a simple matter :).
>
>-dmason
>

References:

Re: comments on draft-ietf-ipsec-pki-req-01.txt - alternate names

From: Dave Mason <dmason@tis.com>

Prev by Date: Re: comments on draft-ietf-ipsec-pki-req-01.txt - alternate names
Next by Date: Re: null encryption
Prev by thread: Re: comments on draft-ietf-ipsec-pki-req-01.txt - alternate names
Next by thread: Re: ISAKMP/Oakley under Linux
Index(es):
- Main
- Thread