
Re: me tarzan- me jane suggested text change



In my view, making the ID check a local matter might result in deployment interoperability problems. I don't see any problem in making sure that both the ID in the payload and the ID in the certificate match the ID configured in the IKE policies. That is, all three have to be the same.

Does anybody see a problem in comparing the IDs, ensuring that they are the same, and making this mandatory?

Thanks for your time

jpickering@creeksidenet.com wrote:

>Per the SF discussion surrounding whether the ID payload must match the ID
>in a presented cert, I would like to add my vote for increased clarity. To do so,
>I believe the following text represents the spirit of the WG:
>
>In section 2.15, to the sentence that states:
>
>"Optionally, messages 3 and 4 MAY include a certificate, or certificate chain providing evidence
>that the key used to compute a digital signature belongs to the name in the ID payload."
>
>Add the following:
>
>" The exact requirement for mapping the name in the ID payload to an acceptable key is a local matter
>and outside the scope of this document".
>
>Jeff

--
The views presented in this mail are completely mine. The company is not responsible for whatsoever.
----------
Ravi Kumar CH
Rendezvous On Chip (i) Pvt Ltd
Hyderabad, India
Ph: +91-40-2335 1214 / 1175 / 1184
ROC home page
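
A sketch of the strict three-way check proposed in the message above, added here as an illustration; it is not code from the thread or from any IKE implementation. It assumes the certificate's subjectAltName entries have already been extracted and mapped to IKE ID types, and the function names and sample identities are hypothetical.

```python
import ipaddress

# IKEv2 ID type values as assigned in RFC 7296, section 3.5
ID_IPV4_ADDR, ID_FQDN, ID_RFC822_ADDR = 1, 2, 3

def normalize(id_type, value):
    """Canonical form, so equal identities compare equal byte for byte."""
    if id_type == ID_FQDN:
        return value.rstrip(".").lower()          # DNS names are case-insensitive
    if id_type == ID_RFC822_ADDR:
        local, sep, domain = value.rpartition("@")
        if not sep:
            raise ValueError("malformed RFC822 address")
        return f"{local}@{domain.lower()}"        # only the domain part is folded
    if id_type == ID_IPV4_ADDR:
        return str(ipaddress.IPv4Address(value))  # raises ValueError if invalid
    raise ValueError(f"unsupported ID type {id_type}")

def check_peer_id(payload_id, cert_ids, policy_id):
    """payload_id and policy_id are (type, value); cert_ids is a list of them.

    Returns (ok, reason). All three identities must agree in type and value.
    """
    try:
        wanted = (policy_id[0], normalize(*policy_id))
        got = (payload_id[0], normalize(*payload_id))
    except ValueError as exc:
        return False, f"rejected: {exc}"
    if got != wanted:
        return False, "ID payload does not match policy"
    in_cert = set()
    for id_type, value in cert_ids:
        try:
            in_cert.add((id_type, normalize(id_type, value)))
        except ValueError:
            continue                              # ignore entries we cannot compare
    if got not in in_cert:
        return False, "ID payload not present in certificate"
    return True, "match"

if __name__ == "__main__":
    policy = (ID_FQDN, "gw.example.net")          # constructed sample identities
    cert = [(ID_FQDN, "gw.example.net"), (ID_IPV4_ADDR, "192.0.2.1")]
    print(check_peer_id((ID_FQDN, "GW.Example.NET."), cert, policy))
    print(check_peer_id((ID_IPV4_ADDR, "192.0.2.1"), cert, policy))
```

The second call fails even though the address is in the certificate, because the policy names the peer by FQDN: this is the "all three have to be the same" rule, as opposed to leaving the mapping to local policy.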