[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Confirm decision on identity handling.
At 8:08 AM -0700 5/15/03, Eric Rescorla wrote:
>Hmm... I see your point. I was speculating that this would mean
>that you didn't much care what was in the certificate.
You could have a security policy that ignored the identity in the
cert ("allow an SA with these restrictions to anyone who has a cert
from XYZRoot"), or one that was identity-based ("let
chris@example.com make an SA").
>What would be the point of using an ID payload if you didn't
>care what was in it?
There isn't one.
--Paul Hoffman, Director
--VPN Consortium