[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Requirements for IKEv2 implementations
-----BEGIN PGP SIGNED MESSAGE-----
>>>>> "Gregory" == Gregory Lebovitz <Gregory@netscreen.com> writes:
Gregory> PKI vendors. They have abandoned the application as a focus for their
Gregory> development, marketing and sales. At an absolute minimum, PSS is
Gregory> a MUST.
Why can't we make self-signed PKIX certificates a MUST?
{This is a compromise for me. I prefer to make raw RSA keys a MUST}
(sure, you can use a CA if you want, but that's not the interop-MUST)
Why do we have to be dependant upon the PKI vendors? At least they have
begun to honest about dropping the ball on this.
] ON HUMILITY: to err is human. To moo, bovine. | firewalls [
] Michael Richardson, Sandelman Software Works, Ottawa, ON |net architect[
] mcr@sandelman.ottawa.on.ca http://www.sandelman.ottawa.on.ca/ |device driver[
] panic("Just another Debian GNU/Linux using, kernel hacking, security guy"); [
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)
Comment: Finger me for keys
iQCVAwUBPq8yM4qHRg3pndX9AQFbAAP/WkWMQYRg5b0oO8OoOfWk0j9Hf1Ow3N0N
ICgndaPonZLPdUaOxTb/46d+aANqLsMON90dXWHU4UpBFMeT6DEJAI2SlGSxP6PR
6nPIopFtWVrLp2VhhlVDKYoX9DICBXxibpmY3CsyV00guVji2ABziJCcbaHpGuI1
X+RjD/xZI9k=
=TazX
-----END PGP SIGNATURE-----