[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: ???????????????

To: Paul Koning <pkoning@xedia.com>
Subject: Re: ???????????????
From: Dan Harkins <dharkins@network-alchemy.com>
Date: Wed, 09 Feb 2000 11:49:38 -0800
cc: greg.carter@entrust.com, ipsec@lists.tislabs.com
In-reply-to: Your message of "Wed, 09 Feb 2000 11:40:32 EST." <200002091640.LAA02265@tonga.xedia.com>
Sender: owner-ipsec@lists.tislabs.com

  OK, I'll 'fess up as one of the incompetents (and I'm not taking
Greg's comments as an insult). I'm not the cert guy here but I have
to use the code. And I don't read X.509 and have not read all the PKIX 
docs because I don't have the time and I'm not the cert guy anyway. 
So I was giving Greg a PKCS#10 and he was dutifully giving me back a 
PKCS#7 which I was trying to read as a raw DER (or is it BER-- see!) 
encoded cert. I tracked Greg down and he pointed out the little check 
box on the web page I should've read but didn't. Complete operator error.

  I wouldn't be surprised if this was repeated over and over at the
bakeoff. Hence the frustration about how certs just don't work when,
in fact, they do once you do things correctly.

  I tend to agree with Greg on this. And I have to thank him for not 
telling me to RTF-web-page and RTF-specs which he would've been well 
within his rights to say.

  Dan.

On Wed, 09 Feb 2000 11:40:32 EST you wrote
> >>>>> "Greg" == Greg Carter <greg.carter@entrust.com> writes:
> 
>  Greg> OK then reality check.  We issued certs to every vendor who
>  Greg> asked, with out looking I think at least 15 to 20 vendors, with
>  Greg> 3 or 4 different protocols, with off the shelf products.
>  Greg> Vendors using our toolkits verified certs from other PKI
>  Greg> vendors as well.  Is that not interop? If a VPN vendor can't
>  Greg> get a cert from each of the PKI vendors at the bakeoff its
>  Greg> because they are incompetent, nothing more nothing less. 
> 
> I'm not sure it's constructive to insult your customers.  You might
> consider the possibility that (a) showing up at a bakeoff with a bug
> in your code doesn't necessarily mean you're incompetent, (b) as with
> most protocol specs these days, conformance does not imply
> interoperability (nor vice versa), (c) there might even be a remote
> possibility that there are some bugs at the PKI side of the house
> rather than just at the VPN side.  Let him who is without bugs cast
> the first invective.
> 
> 	paul

References:

RE: ???????????????

From: Paul Koning <pkoning@xedia.com>

Prev by Date: RE: ???????????????
Next by Date: More than one VPN-Connection from a gateway
Prev by thread: RE: ???????????????
Next by thread: More than one VPN-Connection from a gateway
Index(es):
- Main
- Thread