[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: IKEv2 (son-of-ike) draft

To: Derek Atkins <warlord@mit.edu>
Subject: Re: IKEv2 (son-of-ike) draft
From: Henry Spencer <henry@spsystems.net>
Date: Wed, 21 Nov 2001 11:12:22 -0500 (EST)
cc: ipsec@lists.tislabs.com
In-Reply-To: <sjmbshwduuz.fsf@benjamin.ihtfp.org>
Sender: owner-ipsec@lists.tislabs.com

On 21 Nov 2001, Derek Atkins wrote:
> > ...and now we can't get rid of it and even have group-keys. Gah! What's so
> > hard about configuring an RSA key?
> 
> Lack of a standard way of doing it...  Do you use raw RSA N/e, PGP key
> format, X.509 format?  If a certificate format (PGP/X.509/etc) what
> signatures are required, if any?  IKE doesn't specify any of this, and
> quite frankly a number of implementations do it differently.

So *pick one*.  Just because there are ten different ways of doing it
doesn't mean you have to support all ten, or stand there frozen because
you're unable to make up your mind.

                                                          Henry Spencer
                                                       henry@spsystems.net

Follow-Ups:

Re: IKEv2 (son-of-ike) draft

From: Derek Atkins <warlord@mit.edu>

Re: IKEv2 (son-of-ike) draft

From: Jan Vilhuber <vilhuber@cisco.com>

References:

Re: IKEv2 (son-of-ike) draft

From: Derek Atkins <warlord@mit.edu>

Prev by Date: Re: IKEv2 (son-of-ike) draft
Next by Date: RE: IKEv2 (son-of-ike) draft
Prev by thread: Re: IKEv2 (son-of-ike) draft
Next by thread: Re: IKEv2 (son-of-ike) draft
Index(es):
- Main
- Thread