Re: PKIX vs draft-ietf-ipsec-pki-req-02.txt
Mark,
IPsec, unlike SSL, has no client or server roles. It is a peer
communication protocol. So, I am not so keen to put in distinctions of
the sort you mentioned. Also, the following OIDs are from 2459, and
they don't contain an "ipsec server" entry:

KeyPurposeId ::= OBJECT IDENTIFIER

-- extended key purpose OIDs
id-kp-serverAuth OBJECT IDENTIFIER ::= { id-kp 1 }
id-kp-clientAuth OBJECT IDENTIFIER ::= { id-kp 2 }
id-kp-codeSigning OBJECT IDENTIFIER ::= { id-kp 3 }
id-kp-emailProtection OBJECT IDENTIFIER ::= { id-kp 4 }
id-kp-ipsecEndSystem OBJECT IDENTIFIER ::= { id-kp 5 }
id-kp-ipsecTunnel OBJECT IDENTIFIER ::= { id-kp 6 }
id-kp-ipsecUser OBJECT IDENTIFIER ::= { id-kp 7 }
id-kp-timeStamping OBJECT IDENTIFIER ::= { id-kp 8 }

I hate to admit it, as co-chair of PKIX, but I'm
not sure why we have an ipsecTunnel entry here. User and EndSystem
make sense, but not tunnel.
Steve