
Re: PKIX vs draft-ietf-ipsec-pki-req-02.txt



Mark,


IPsec, unlike SSL, has no client or server roles.  It is a peer
communication protocol.  So, I am not so keen to put in distinctions of
the sort you mentioned.  Also, the following OIDs are from 2459, and
they don't contain an "ipsec server" entry:


KeyPurposeId ::= OBJECT IDENTIFIER

-- extended key purpose OIDs

id-kp-serverAuth      OBJECT IDENTIFIER ::= { id-kp 1 }
id-kp-clientAuth      OBJECT IDENTIFIER ::= { id-kp 2 }
id-kp-codeSigning     OBJECT IDENTIFIER ::= { id-kp 3 }
id-kp-emailProtection OBJECT IDENTIFIER ::= { id-kp 4 }
id-kp-ipsecEndSystem  OBJECT IDENTIFIER ::= { id-kp 5 }
id-kp-ipsecTunnel     OBJECT IDENTIFIER ::= { id-kp 6 }
id-kp-ipsecUser       OBJECT IDENTIFIER ::= { id-kp 7 }
id-kp-timeStamping    OBJECT IDENTIFIER ::= { id-kp 8 }


I hate to admit it, as co-chair of PKIX, but I'm
not sure why we have an ipsecTunnel entry here.  User and EndSystem
make sense, but not tunnel.


Steve
