
Re: "Me Tarzan, You Jane" in IKEv2-05





>>>>> "dharkins" == dharkins  <dharkins@tibernian.com> writes:
    dharkins> How does the responder pick the right private key? You haven't
    dharkins> said how "sales@lox.sandelman.ca" is uniquely bound to a key in
    dharkins> the first place. For the standard way of binding identities to

  I don't see how it matters how the binding is done. It is a local matter.
Maybe I have /etc/keys. The responder has a list of identities that it is
authoritative for.  

  We generally felt that the You-Tarzan part could indicate what
identity one might wish to speak to.

  While the CERT_REQUEST would indicate that one *also* needs to get the
full chain of the keys to authenticate that identity - that there wasn't a
way to get this otherwise. Remember that we were trying to get rid of big
certificate chains.

]       ON HUMILITY: to err is human. To moo, bovine.           |  firewalls  [
]   Michael Richardson, Sandelman Software Works, Ottawa, ON    |net architect[
] mcr@sandelman.ottawa.on.ca http://www.sandelman.ottawa.on.ca/ |device driver[
] panic("Just another Debian GNU/Linux using, kernel hacking, security guy"); [