[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

me tarzan- me jane suggested text change

To: ipsec@lists.tislabs.com, charlie kaufman <Charlie_Kaufman@notesdev.ibm.com>
Subject: me tarzan- me jane suggested text change
From: "jpickering@creeksidenet.com" <jpickering@creeksidenet.com>
Date: Tue, 25 Mar 2003 13:14:01 -0500
Sender: owner-ipsec@lists.tislabs.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; m18) Gecko/20001108 Netscape6/6.0


Per the  SF discussion surrounding whether the ID payload must match the ID
in a presented cert, I would like to add my vote for increased clarity. 
To do so,
I believe the following text represents the spirit of the WG:

In section 2.15, to the sentence that states:

"Optionally, messages 3 and 4 MAY include a certificate, or certificate 
chain providing evidence
that the key used to compute a digital signature belongs to the name in 
the ID payload."

Add the following"

" The exact requirement for mapping the name in the ID payload to an 
acceptable key is a local matter
and outside the scope of this document".

Jeff

Follow-Ups:
- Re: me tarzan- me jane suggested text change
  - From: Stephen Kent <kent@bbn.com>
- Re: me tarzan- me jane suggested text change
  - From: Ravi <ravivsn@roc.co.in>
- Re: me tarzan- me jane suggested text change
  - From: Ravi <ravivsn@roc.co.in>

Prev by Date: Re: IKEv2: prepending four octets
Next by Date: Text suggestion on computing keymat for rekey
Prev by thread: Re: IKEv2: ECN hack for broken h/w?
Next by thread: Re: me tarzan- me jane suggested text change
Index(es):
- Date
- Thread