
Re: Reliable delete notifies




>>>>> "Angelos" == Angelos D Keromytis <angelos@dsl.cis.upenn.edu> writes:
    Angelos> I would in fact argue for removal of preshared-key
    Angelos> authentication; it was useful for debugging or for very simple
    Angelos> setups, but the protocol complexity introduced both directly
    Angelos> (because of the need to support 2 or 3 auth methods) and
    Angelos> indirectly (encourages addition of other authentication
    Angelos> mechanisms) are simply not worth it.

  I would agree to this on one condition only:

  That the spec lists a simple, well known format (i.e. PKCS10) by which
self-signed certificates can be loaded into the trusted store, and by which
they will be produced. That implementations *MUST* support this.

  Debugging a CA system as well as IKE is simply a non-starter.

   :!mcr!:            |  Solidum Systems Corporation, http://www.solidum.com
   Michael Richardson |For a better connected world,where data flows faster<tm>
 Personal: http://www.sandelman.ottawa.on.ca/People/Michael_Richardson/Bio.html
	mailto:mcr@sandelman.ottawa.on.ca	mailto:mcr@solidum.com



