[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: New XAUTH draft

To: "'ipsec@lists.tislabs.com'" <ipsec@lists.tislabs.com>
Subject: RE: New XAUTH draft
From: Greg Carter <greg.carter@entrust.com>
Date: Thu, 20 May 1999 23:14:44 -0400
Sender: owner-ipsec@lists.tislabs.com

How is that?

If you configure your box to check CRLs at each auth AND your CA is
intelligent enough to push new CRLs each time a cert is revoked I don't see
how the "revocation" would be slower than a RADIUS auth, and I know it is
more secure

Bye.


> ----------
> From: 	Bronislav Kavsan[SMTP:bkavsan@ire-ma.com]
> Sent: 	Thursday, May 20, 1999 6:27 PM
> To: 	ipsec@lists.tislabs.com
> Subject: 	Re: New XAUTH draft
> 
> One interesting benefit of XAUTH (or rather so-called legacy
> authentication
> schemes) is that you can revoke user from the RADIUS database very
> quickland
> reliably - for sure much faster and simpler than dealing with CRLs in it's
> current state of PKI.
> 
> Slava Kavsan
> IRE
> 
>

Follow-Ups:

Re: New XAUTH draft

From: Bronislav Kavsan <bkavsan@ire-ma.com>

Prev by Date: Re: New XAUTH draft
Next by Date: RE: New XAUTH draft
Prev by thread: Re: New XAUTH draft
Next by thread: Re: New XAUTH draft
Index(es):
- Main
- Thread