
Re: Confirm decision on identity handling.



At 6:00 AM -0700 5/15/03, Eric Rescorla wrote:
>Gregory Lebovitz <Gregory@netscreen.com> writes:
>  > I vote for disassociating ID from cert contents. (BUT, I proposed text that
>  > would allow for those who desired/required to be able to match if they
>  > wanted to).
>The problem, then, of course, is that you've just made it near
>impossible to make a system which works in the generic
>"I want to establish an SA with some I've never heard
>of before" mode.

Could you explain why? For this scenario, how is binding an ID to the 
cert any different than ignoring the ID and getting an identity out 
of the cert?

--Paul Hoffman, Director
--VPN Consortium