Re: Confirm decision on identity handling.
At 6:00 AM -0700 5/15/03, Eric Rescorla wrote:
>Gregory Lebovitz <Gregory@netscreen.com> writes:
>> I vote for disassociating ID from cert contents. (BUT, I proposed text that
>> would allow for those who desired/required to be able to match if they
>> wanted to).
>The problem, then, of course, is that you've just made it near
>impossible to make a system which works in the generic
>"I want to establish an SA with some I've never heard
>of before" mode.
Could you explain why? For this scenario, how is binding an ID to the
cert any different than ignoring the ID and getting an identity out
of the cert?
--Paul Hoffman, Director
--VPN Consortium