[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Adding revised identities to IKEv2
-----BEGIN PGP SIGNED MESSAGE-----
>>>>> "Jan" == Jan Vilhuber <vilhuber@cisco.com> writes:
>> >> This is what IKE v2 and a cert profile should do, in combination.
>> >
>> >Given the importance of certificates to IKEv2, the profile should be a
>> >part of the IKEv2 document.
>>
>> Why do you think it needs to be one document?
Jan> Presumably for the same reason we decided to fold the IKE, ISAKMP,
Jan> IPDOI etc drafts into a single document.
No, that's not the same.
It would be, if the only way to use IKE was with PKIX certificates, but it
is not. The certificate profile *MUST* exist.
I would prefer that it was in a seperate document.
In fact, I suggest that this document should be extensively reviewed by the
PKIX WG, and that in itself is a reason to do it in a different schedule.
] ON HUMILITY: to err is human. To moo, bovine. | firewalls [
] Michael Richardson, Sandelman Software Works, Ottawa, ON |net architect[
] mcr@sandelman.ottawa.on.ca http://www.sandelman.ottawa.on.ca/ |device driver[
] panic("Just another Debian GNU/Linux using, kernel hacking, security guy"); [
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)
Comment: Finger me for keys
iQCVAwUBPgzWKIqHRg3pndX9AQHbIQQAzpF2LKBEAYGx4ST9AhSGt9mt8ei44UxP
jSe/pkU2l6HuaHQ+ZpyeY0jFyW+IL0FkT1LIg76CmesyXM95ULz/LVtE5kijsjvE
ZO/5TtY6TEmwyExW8N4hOgzn3VSIu10qe8mEgQEWnnZsCM4z9eU5JyqmyeZR3NRk
OOx36Kxld5c=
=d2PE
-----END PGP SIGNATURE-----