Re: comments on draft-ietf-ipsec-pki-req-01.txt - alternate names

Rodney Thayer <rodney@tillerman.nu> Mon, 14 September 1998 16:38 UTC

Message-Id: <199809141554.LAA17963@2gn.com>
Date: Mon, 14 Sep 1998 12:48:47 -0400
To: Dave Mason <dmason@tis.com>
From: Rodney Thayer <rodney@tillerman.nu>
Subject: Re: comments on draft-ietf-ipsec-pki-req-01.txt - alternate names
Cc: ipsec@tis.com, rodney@tillerman.nu
In-Reply-To: <199809141642.MAA25689@rubicon.rv.tis.com>

argh.  I didn't mean to prohibit that.

I myself don't like sending chains but I'm not trying to have that debate
over this document.

I'll think about how I worded things and come up with something less vague.

At 12:42 PM 9/14/98 -0400, you wrote:
>>>
>>>Could you change the wording of the third paragraph of section 3.2 to say:
>>>
>>>A root signing certificate
>>>  ^^^^
>>
>>No.  If it's not at the top of the hierarchy then it's not a root.
>>Been there, got that wrong.  You might not like my mandating 8 layers, and
>>that's fine, but I am positive we'll need to deal with more than one-layer
>>hierarchies.
>
>Without the "root" specification, this paragraph (as well as the last
>sentence of the second paragraph in section 3.3) precludes the sending
>of certificate chains via IKE (which is fine with me since the proper
>handling of chains received via IKE is not a simple matter :).
>
>-dmason
>