[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: I-D ACTION:draft-ietf-ipsec-isakmp-gss-auth-03.txt

To: ipsec@lists.tislabs.com
Subject: RE: I-D ACTION:draft-ietf-ipsec-isakmp-gss-auth-03.txt
From: "Waters, Stephen" <Stephen.Waters@cabletron.com>
Date: Fri, 8 Oct 1999 15:30:09 +0100
Sender: owner-ipsec@lists.tislabs.com


Derrell,

I've taken a quick wonder through the GSS documents now. And I have a
questions:

A few weeks/months back, we were debating on the list how public-key could
be used with IKE without the need for PKI (CA/CRL/RA).

One of the suggestions that came out (that I was fond of :) ), was you
provide clients with just their own private key, and the public key of the
server.  The server has its own public/private key, and access to a secure
database containing the clients private keys. This was given the name
'private public-key'. The IKE exchange is standard signature authentication,
with off-line cracking protection.


>From what I can tell from GSS and your draft, it is basically the same
model, except that we are talking about adding a new 'thing' everywhere
called GSS-API software.

Cheers, Steve.

Prev by Date: I-D ACTION:draft-ietf-ipsec-isakmp-gss-auth-03.txt
Next by Date: ipsec ldap schema
Prev by thread: I-D ACTION:draft-ietf-ipsec-isakmp-gss-auth-03.txt
Next by thread: RE: I-D ACTION:draft-ietf-ipsec-isakmp-gss-auth-03.txt
Index(es):
- Main
- Thread