[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Suggestion for SOI wrt PFS

To: Jan Vilhuber <vilhuber@cisco.com>
Subject: Re: Suggestion for SOI wrt PFS
From: "Angelos D. Keromytis" <angelos@cs.columbia.edu>
Date: Fri, 29 Mar 2002 13:20:24 -0500
Cc: Bill Sommerfeld <sommerfeld@east.sun.com>, andrew.krywaniuk@alcatel.com, ipsec@lists.tislabs.com
In-reply-to: Your message of "Thu, 28 Mar 2002 19:21:11 PST." <Pine.LNX.4.33.0203281919090.1204-100000@janpc-home.cisco.com>
Sender: owner-ipsec@lists.tislabs.com


In message <Pine.LNX.4.33.0203281919090.1204-100000@janpc-home.cisco.com>, Jan 
Vilhuber writes:
 >
 >Then you'd have to reauthenticate, which you may not want to (public
 >key operation and all). At least that's the only difference I can
 >see. This is somewhat lighter weight than a full phase 1.
 >
 >[ I haven't thought this proposal through yet, so I'm not coming down
 >on one side or the other ;) ]

The argument I made a while ago, about caching the results of a
cert chain validation hold for this case too.
-Angelos

Follow-Ups:
- Re: Suggestion for SOI wrt PFS
  - From: Jan Vilhuber <vilhuber@cisco.com>

Prev by Date: Re: Suggestion for SOI wrt PFS
Next by Date: Re: Suggestion for SOI wrt PFS
Prev by thread: RE: Move TS to optional (RE: Don't remove TS from IKEv2)
Next by thread: Re: Suggestion for SOI wrt PFS
Index(es):
- Date
- Thread