[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: ISAKMP and SSL

To: Stephen Kent <kent@bbn.com>
Subject: Re: ISAKMP and SSL
From: Mark Baugher <mbaugher@cisco.com>
Date: Wed, 30 Apr 2003 15:49:23 -0700
Cc: Ibrahim <hajjeh@enst.fr>, ipsec@lists.tislabs.com
In-Reply-To: <p05210603bad5f32ca930@[10.81.114.236]>
References: <3EB00CC9.333D63EF@enst.fr><3EB00CC9.333D63EF@enst.fr>
Sender: owner-ipsec@lists.tislabs.com

At 05:40 PM 4/30/2003 -0400, Stephen Kent wrote:
>At 7:50 PM +0200 4/30/03, Ibrahim wrote:
>>Hi all,
>>When I read RFC 2408 they described ISAKMP as a generic key management
>>protocol for all security protocols but till now the large deployment of
>>ISAKMP was only with IPSEC
>>My question is, can we use it with SSL/TLS?
>>The goal of this issue is to add new services in SSL/TLS (identity
>>protection, attribute certificate passing for access control schemes,
>>non-repudiation…).
>>Thank you in advance
>>Ibrahim
>
>SSL/TLS has its own, tightly couple key management protocol, so it would 
>not be appropriate to try to use ISAKMP.

I think the confusion comes from the fact that the ISAKMP RFC says it could 
be applied to TLS.

Mark

References:
- ISAKMP and SSL
  - From: Ibrahim <hajjeh@enst.fr>
- Re: ISAKMP and SSL
  - From: Stephen Kent <kent@bbn.com>

Prev by Date: Re: Confirm decision on identity handling.
Next by Date: RE: Confirm decision on identity handling.
Prev by thread: Re: ISAKMP and SSL
Next by thread: IPSec Passthrough
Index(es):
- Date
- Thread