[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Confirm decision on identity handling.

To: EKR <ekr@rtfm.com>
Subject: Re: Confirm decision on identity handling.
From: Paul Hoffman / VPNC <paul.hoffman@vpnc.org>
Date: Thu, 15 May 2003 08:13:26 -0700
Cc: Gregory Lebovitz <Gregory@netscreen.com>, "Scott G. Kelly" <scott@airespace.com>, ipsec@lists.tislabs.com
In-Reply-To: <kjel30s0wc.fsf@romeo.rtfm.com>
References: <541402FFDC56DA499E7E13329ABFEA87E66D8E@SARATOGA.netscreen.com><kj65oc8iw2.fsf@romeo.rtfm.com> <p0521061bbae95ab471b9@[63.202.92.152]><kjel30s0wc.fsf@romeo.rtfm.com>
Sender: owner-ipsec@lists.tislabs.com

At 8:08 AM -0700 5/15/03, Eric Rescorla wrote:
>Hmm... I see your point. I was speculating that this would mean
>that you didn't much care what was in the certificate.

You could have a security policy that ignored the identity in the 
cert ("allow an SA with these restrictions to anyone who has a cert 
from XYZRoot"), or one that was identity-based ("let 
chris@example.com make an SA").

>What would be the point of using an ID payload if you didn't
>care what was in it?

There isn't one.

--Paul Hoffman, Director
--VPN Consortium

Follow-Ups:
- Re: Confirm decision on identity handling.
  - From: Eric Rescorla <ekr@rtfm.com>
- Re: Confirm decision on identity handling.
  - From: Michael Richardson <mcr@sandelman.ottawa.on.ca>

References:
- RE: Confirm decision on identity handling.
  - From: Gregory Lebovitz <Gregory@netscreen.com>
- Re: Confirm decision on identity handling.
  - From: Eric Rescorla <ekr@rtfm.com>
- Re: Confirm decision on identity handling.
  - From: Paul Hoffman / VPNC <paul.hoffman@vpnc.org>
- Re: Confirm decision on identity handling.
  - From: Eric Rescorla <ekr@rtfm.com>

Prev by Date: Re: Confirm decision on identity handling.
Next by Date: Re: Confirm decision on identity handling.
Prev by thread: Re: Confirm decision on identity handling.
Next by thread: Re: Confirm decision on identity handling.
Index(es):
- Date
- Thread