Re: Adding revised identities to IKEv2

[Michael Richardson <mcr@sandelman.ottawa.on.ca>]

-----BEGIN PGP SIGNED MESSAGE-----


>>>>> "Jan" == Jan Vilhuber <vilhuber@cisco.com> writes:
    >> >>  This is what IKE v2 and a cert profile should do, in combination.
    >> >
    >> >Given the importance of certificates to IKEv2, the profile should be a
    >> >part of the IKEv2 document.
    >> 
    >> Why do you think it needs to be one document?

    Jan> Presumably for the same reason we decided to fold the IKE, ISAKMP,
    Jan> IPDOI etc drafts into a single document.

  No, that's not the same.

  It would be, if the only way to use IKE was with PKIX certificates, but it
is not. The certificate profile *MUST* exist.
  I would prefer that it was in a seperate document. 

  In fact, I suggest that this document should be extensively reviewed by the
PKIX WG, and that in itself is a reason to do it in a different schedule.

]       ON HUMILITY: to err is human. To moo, bovine.           |  firewalls  [
]   Michael Richardson, Sandelman Software Works, Ottawa, ON    |net architect[
] mcr@sandelman.ottawa.on.ca http://www.sandelman.ottawa.on.ca/ |device driver[
] panic("Just another Debian GNU/Linux using, kernel hacking, security guy"); [
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)
Comment: Finger me for keys

iQCVAwUBPgzWKIqHRg3pndX9AQHbIQQAzpF2LKBEAYGx4ST9AhSGt9mt8ei44UxP
jSe/pkU2l6HuaHQ+ZpyeY0jFyW+IL0FkT1LIg76CmesyXM95ULz/LVtE5kijsjvE
ZO/5TtY6TEmwyExW8N4hOgzn3VSIu10qe8mEgQEWnnZsCM4z9eU5JyqmyeZR3NRk
OOx36Kxld5c=
=d2PE
-----END PGP SIGNATURE-----