
multiple payloads via "ID_LIST"





>>>>> "Rodney" == Rodney Thayer <rodney@tillerman.nu> writes:

    Rodney> I like this.  What would you want the cert to have in it?
    Rodney> (Again, all I'm asking is how you want people to decide which
    Rodney> cert to use given this payload...)

  Rodney, you ask such difficult questions. 

  In my mind, this is useful only during phase II.
  That should eliminate the need for this question since the ID field
to be compared to the certificate would be the one used in phase I.

  If you want to use this in phase I, then I think you need Kent's 
work on delegating ownership of IP address ranges. The things in the list
must all be covered by one or more certificates.

  [i.e. if I ask for a list of ports that I wish to protect, then I can do it
with a certificate that only has my IP address in it. Asking for a list of
ports would be quite reasonable for FTP-like applications, although perhaps
not FTP itself]


   :!mcr!:            |  Network and security consulting/contract programming
   Michael Richardson |         Firewalls, TCP/IP and Unix administration
 Personal: http://www.sandelman.ottawa.on.ca/People/Michael_Richardson/Bio.html
 Corporate: http://www.sandelman.ottawa.on.ca/SSW/
	ON HUMILITY: To err is human, to moo bovine.







