[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Confirm decision on identity handling.
>>>>> "VPNC" == VPNC <Paul> writes:
VPNC> At 3:01 PM -0400 5/20/03, Michael Richardson wrote:
>> What I do hear is that the VPN has to work for two parties who have
>> picked random CAs, and can't control what goes into the
>> certificate. That sure sounds like "rwo random parties" to me.
VPNC> We hear differently. No one creating a VPN (as compared to
VPNC> opportunistic encryption) can pick random CAs. For VPNs, there is a
VPNC> shared trusted CA.
So, why is there a problem with telling the CA what needs to go into the
certificate?
] ON HUMILITY: to err is human. To moo, bovine. | firewalls [
] Michael Richardson, Sandelman Software Works, Ottawa, ON |net architect[
] mcr@sandelman.ottawa.on.ca http://www.sandelman.ottawa.on.ca/ |device driver[
] panic("Just another Debian GNU/Linux using, kernel hacking, security guy"); [