[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Choosing between IKEv2 and JFK
On Friday 08 March 2002 10:00, Derek Atkins wrote:
> Michael Thomas <mat@cisco.com> writes:
> > Huh? The certs are only there for identity.
>
> No, in reality the certs are there for authorization. It's just that
> people don'e understand the concept of capabilities, so we have this
> ad-hoc "identity" cert and map it via some local lookup method to a
> set of capabilities.
Conceptually I agree.
Practically however, the current PKI (IMHO) offers identity-only (at
best).
Please correct me if I'm wrong, preferably by citing real-life examples.
--
Regards,
Uri
-=-=-<>-=-=-
<Disclaimer>