[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: me tarzan- me jane suggested text change

To: "jpickering@creeksidenet.com" <jpickering@creeksidenet.com>
Subject: Re: me tarzan- me jane suggested text change
From: Stephen Kent <kent@bbn.com>
Date: Tue, 25 Mar 2003 15:17:39 -0500
Cc: ipsec@lists.tislabs.com
In-Reply-To: <3E809C69.3060102@creeksidenet.com>
References: <3E809C69.3060102@creeksidenet.com>
Sender: owner-ipsec@lists.tislabs.com

At 1:14 PM -0500 3/25/03, jpickering@creeksidenet.com wrote:
>Per the  SF discussion surrounding whether the ID payload must match the ID
>in a presented cert, I would like to add my vote for increased 
>clarity. To do so,
>I believe the following text represents the spirit of the WG:
>
>In section 2.15, to the sentence that states:
>
>"Optionally, messages 3 and 4 MAY include a certificate, or 
>certificate chain providing evidence
>that the key used to compute a digital signature belongs to the name 
>in the ID payload."
>
>Add the following"
>
>" The exact requirement for mapping the name in the ID payload to an 
>acceptable key is a local matter
>and outside the scope of this document".
>
>Jeff

I don't think the latter text helps, since it does not tell a peer 
whether the match is required or not, and thus interoperability 
problems will persist. I think Paul Hoffman made this point in his 
comments at the mic.

Steve

References:
- me tarzan- me jane suggested text change
  - From: "jpickering@creeksidenet.com" <jpickering@creeksidenet.com>

Prev by Date: Re: Text suggestion on computing keymat for rekey
Next by Date: Re: Secure remote access with IPsec
Prev by thread: me tarzan- me jane suggested text change
Next by thread: Re: me tarzan- me jane suggested text change
Index(es):
- Date
- Thread