[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Confirm decision on identity handling.

To: ipsec@lists.tislabs.com
Subject: Re: Confirm decision on identity handling.
From: Michael Richardson <mcr@sandelman.ottawa.on.ca>
Date: Tue, 20 May 2003 16:48:16 -0400
In-reply-to: Your message of "Tue, 20 May 2003 15:40:31 EDT." <p0521061dbaf0347e050e@[63.202.92.152]>
Sender: owner-ipsec@lists.tislabs.com

>>>>> "VPNC" == VPNC  <Paul> writes:
    VPNC> At 3:01 PM -0400 5/20/03, Michael Richardson wrote:
    >> What I do hear is that the VPN has to work for two parties who have
    >> picked random CAs, and can't control what goes into the
    >> certificate. That sure sounds like "rwo random parties" to me.

    VPNC> We hear differently. No one creating a VPN (as compared to 
    VPNC> opportunistic encryption) can pick random CAs. For VPNs, there is a 
    VPNC> shared trusted CA.

  So, why is there a problem with telling the CA what needs to go into the
certificate?

]       ON HUMILITY: to err is human. To moo, bovine.           |  firewalls  [
]   Michael Richardson, Sandelman Software Works, Ottawa, ON    |net architect[
] mcr@sandelman.ottawa.on.ca http://www.sandelman.ottawa.on.ca/ |device driver[
] panic("Just another Debian GNU/Linux using, kernel hacking, security guy"); [

Follow-Ups:
- Re: Confirm decision on identity handling.
  - From: "D. K. Smetters" <smetters@parc.com>

References:
- Re: Confirm decision on identity handling.
  - From: Paul Hoffman / VPNC <paul.hoffman@vpnc.org>

Prev by Date: Re: Confirm decision on identity handling.
Next by Date: Re: Confirm decision on identity handling.
Prev by thread: Re: Confirm decision on identity handling.
Next by thread: Re: Confirm decision on identity handling.
Index(es):
- Date
- Thread