[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Request for Clarification of Usage of Certificate Request Payload to Maximimze Interoperability
At 12:25 PM 1/26/00 -0800, Allen_Rochkind@3com.com wrote:
>However, what I questioned is whether a device having
>multiple end entity certs, each issued by a different root, is realistic.
And many people responded that it was. Think extranets where each security
gateway trusts only a CA controlled by the company that owns the gateway.
Think VPN clients that are used by people who talk to more than one
security gateway at different companies.
> Each
>device belongs in general to one security domain, with some administrator
>managing the security attributes of that device.
I do not think this matches the business model of many companies in the VPN
business. There is a wide expectation that companies will use
IPsec-and-firewall boxes for controlling ingress of trusted outsiders to
their resources.
--Paul Hoffman, Director
--VPN Consortium
References: