[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Remove little-used algorithms from IKEv2
Paul Hoffman / VPNC <paul.hoffman@vpnc.org> writes:
> In the same vein, all certificate formats other than #4 (X.509
> Certificate - Signature) should be deprecated as well. "PKCS #7
> wrapped X.509 certificate" is particularly bad given that there is no
> standard for how to "wrap" a certificate.
I'm not sure I agree with the first statement here. I'm willing to be
convinced, but I think PGP certificates and maybe raw RSA keys are
both reasonable as well.
> --Paul Hoffman, Director
> --VPN Consortium
-derek
--
Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
Member, MIT Student Information Processing Board (SIPB)
URL: http://web.mit.edu/warlord/ PP-ASEL-IA N1NWH
warlord@MIT.EDU PGP key available