[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Reliable delete notifies

To: IP Security List <ipsec@lists.tislabs.com>
Subject: Re: Reliable delete notifies
From: Henry Spencer <henry@spsystems.net>
Date: Tue, 10 Oct 2000 18:46:35 -0400 (EDT)
In-Reply-To: <200010101554.LAA14452@solidum.com>
Sender: owner-ipsec@lists.tislabs.com

On Tue, 10 Oct 2000, Michael Richardson wrote:
>     Angelos> I would in fact argue for removal of preshared-key
>     Angelos> authentication...
> 
>   I would agree to this on one condition only:
>   That the spec lists a simple, well known format (i.e. PKCS10) by which
> self-signed certificates can be loaded into the trusted store, and by which
> they will be produced. That implementations *MUST* support this.

I would agree wholeheartedly with this.  This is a problem we've run into
during interoperability testing:  even when both parties are perfectly
happy to exchange RSA keys manually, no two systems agree on the
key-exchange data format.  Personally, I'd favor something much closer to
RFC 2537 format -- it's far simpler than any form of certificate -- but
*any* standard, even a messy one, would be better than none. 

                                                          Henry Spencer
                                                       henry@spsystems.net

Follow-Ups:

Re: Reliable delete notifies

From: "Angelos D. Keromytis" <angelos@dsl.cis.upenn.edu>

Definition of PFS...

From: "Andrew Krywaniuk" <andrew.krywaniuk@alcatel.com>

References:

Re: Reliable delete notifies

From: Michael Richardson <mcr@solidum.com>

Prev by Date: Re: FW: Negotiation for Ipsec SA
Next by Date: Re: Reliable delete notifies
Prev by thread: Re: Reliable delete notifies
Next by thread: Re: Reliable delete notifies
Index(es):
- Main
- Thread