
Re: Remove little-used algorithms from IKEv2



At 8:19 PM -0500 3/14/02, Derek Atkins wrote:
>Paul Hoffman / VPNC <paul.hoffman@vpnc.org> writes:
>
>>  In the same vein, all certificate formats other than #4 (X.509
>>  Certificate - Signature) should be deprecated as well. "PKCS #7
>>  wrapped X.509 certificate" is particularly bad given that there is no
>>  standard for how to "wrap" a certificate.
>
>I'm not sure I agree with the first statement here.  I'm willing to be
>convinced, but I think PGP certificates and maybe raw RSA keys are
>both reasonable as well.

PGP certificates seem to be in a permanent experimental state with no 
customer demand for them. The same is true for bare RSA keys. Yes, 
there are probably some people who want them, but there are some 
people who might want any of the features we are removing. PGP certs 
don't have any better security features than PKIX certs, and bare RSA 
keys have fewer security features than PKIX certs.

--Paul Hoffman, Director
--VPN Consortium