[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Choosing between IKEv2 and JFK



On Friday 08 March 2002 10:00, Derek Atkins wrote:
 > Michael Thomas <mat@cisco.com> writes:
 > >    Huh? The certs are only there for identity.
 >
 > No, in reality the certs are there for authorization.  It's just that
 > people don'e understand the concept of capabilities, so we have this
 > ad-hoc "identity" cert and map it via some local lookup method to a
 > set of capabilities.

Conceptually I agree. 

Practically however, the current PKI (IMHO) offers identity-only (at 
best).

Please correct me if I'm wrong, preferably by citing real-life examples.
-- 
Regards,
Uri
-=-=-<>-=-=-
<Disclaimer>