
Re: Request for Clarification of Usage of Certificate Request Payload to Maximize Interoperability



At 12:25 PM 1/26/00 -0800, Allen_Rochkind@3com.com wrote:
>However, what I questioned is whether a device having
>multiple end entity certs, each issued by a different root, is realistic.

And many people responded that it was. Think extranets where each security 
gateway trusts only a CA controlled by the company that owns the gateway. 
Think VPN clients that are used by people who talk to more than one 
security gateway at different companies.

>   Each
>device belongs in general to one security domain, with some administrator
>managing the security attributes of that device.

I do not think this matches the business model of many companies in the VPN 
business. There is a wide expectation that companies will use 
IPsec-and-firewall boxes for controlling ingress of trusted outsiders to 
their resources.

--Paul Hoffman, Director
--VPN Consortium


