
RE: Re[2]: PPP over IPSec (without L2TP)?



Pyda,

>User vs. Machine authentication is really a key management protocol
>issue (i.e., IKE) - somewhat orthogonal to IPsec architecture (RFC 2401).

RFC 2401 defines ID types that must be supported in the SPD, and which are
aligned with IKE ID payload types. These ID types include X.500 DNs, that
can certainly be used to identify users, and RFC 821 names, which are
specifically user IDs (vs. the DNS ID type, which is designated for
machines).  So I disagree with your assertion that this is purely a key
management protocol issue. I do agree that protocols such as XAUTH
demonstrate a clear intent to authenticate users, not just machines, but
IKE and 2401 make definite statements to that effect already.

Steve


