[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: IKEv2 (son-of-ike) draft

To: Henry Spencer <henry@spsystems.net>
Subject: Re: IKEv2 (son-of-ike) draft
From: Jan Vilhuber <vilhuber@cisco.com>
Date: Wed, 21 Nov 2001 13:18:17 -0800 (PST)
cc: Derek Atkins <warlord@mit.edu>, ipsec@lists.tislabs.com
In-Reply-To: <Pine.BSI.3.91.1011121111035.12699K-100000@spsystems.net>
Sender: owner-ipsec@lists.tislabs.com

I don't suppose we could get this WG to pick one as a MUST...

jan


On Wed, 21 Nov 2001, Henry Spencer wrote:

> On 21 Nov 2001, Derek Atkins wrote:
> > > ...and now we can't get rid of it and even have group-keys. Gah! What's so
> > > hard about configuring an RSA key?
> > 
> > Lack of a standard way of doing it...  Do you use raw RSA N/e, PGP key
> > format, X.509 format?  If a certificate format (PGP/X.509/etc) what
> > signatures are required, if any?  IKE doesn't specify any of this, and
> > quite frankly a number of implementations do it differently.
> 
> So *pick one*.  Just because there are ten different ways of doing it
> doesn't mean you have to support all ten, or stand there frozen because
> you're unable to make up your mind.
> 
>                                                           Henry Spencer
>                                                        henry@spsystems.net
> 

 --
Jan Vilhuber                                            vilhuber@cisco.com
Cisco Systems, San Jose                                     (408) 527-0847

References:

Re: IKEv2 (son-of-ike) draft

From: Henry Spencer <henry@spsystems.net>

Prev by Date: Re: SOI: identity protection and DOS
Next by Date: Re: SOI: identity protection and DOS
Prev by thread: Re: IKEv2 (son-of-ike) draft
Next by thread: RE: IKEv2 (son-of-ike) draft
Index(es):
- Main
- Thread