Re: "Me Tarzan, You Jane" in IKEv2-05
>>>>> "dharkins" == dharkins <dharkins@tibernian.com> writes:
dharkins> How does the responder pick the right private key? You haven't
dharkins> said how "sales@lox.sandelman.ca" is uniquely bound to a key in
dharkins> the first place. For the standard way of binding identities to

I don't see how it matters how the binding is done. It is a local matter.
Maybe I have /etc/keys. The responder has a list of identities that it is
authoritative for.

We generally felt that the You-Tarzan part could indicate what
identity one might wish to speak to.

While the CERT_REQUEST would indicate that one *also* needs to get the
full chain of the keys to authenticate that identity - that there wasn't a
way to get this otherwise. Remember that we were trying to get rid of big
certificate chains.

] ON HUMILITY: to err is human. To moo, bovine. | firewalls [
] Michael Richardson, Sandelman Software Works, Ottawa, ON |net architect[
] mcr@sandelman.ottawa.on.ca http://www.sandelman.ottawa.on.ca/ |device driver[
] panic("Just another Debian GNU/Linux using, kernel hacking, security guy"); [