Re: Remove little-used algorithms from IKEv2

Derek Atkins <warlord@mit.edu> Fri, 15 March 2002 01:43 UTC

Received: from lists.tislabs.com (portal.gw.tislabs.com [192.94.214.101]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g2F1hw429793; Thu, 14 Mar 2002 17:43:58 -0800 (PST)
Received: by lists.tislabs.com (8.9.1/8.9.1) id UAA07935 Thu, 14 Mar 2002 20:07:28 -0500 (EST)
To: Paul Hoffman / VPNC <paul.hoffman@vpnc.org>
Cc: ipsec@lists.tislabs.com
Subject: Re: Remove little-used algorithms from IKEv2
References: <p0510140ab8b6a4514ed7@[165.227.249.20]>
From: Derek Atkins <warlord@mit.edu>
Date: Thu, 14 Mar 2002 20:19:12 -0500
In-Reply-To: <p0510140ab8b6a4514ed7@[165.227.249.20]>
Message-ID: <sjm663yzkz3.fsf@kikki.mit.edu>
Lines: 21
User-Agent: Gnus/5.0808 (Gnus v5.8.8) Emacs/20.7
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Sender: owner-ipsec@lists.tislabs.com
Precedence: bulk

Paul Hoffman / VPNC <paul.hoffman@vpnc.org> writes:

> In the same vein, all certificate formats other than #4 (X.509
> Certificate - Signature) should be deprecated as well. "PKCS #7
> wrapped X.509 certificate" is particularly bad given that there is no
> standard for how to "wrap" a certificate.

I'm not sure I agree with the first statement here.  I'm willing to be
convinced, but I think PGP certificates and maybe raw RSA keys are
both reasonable as well.

> --Paul Hoffman, Director
> --VPN Consortium

-derek

-- 
       Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
       Member, MIT Student Information Processing Board  (SIPB)
       URL: http://web.mit.edu/warlord/    PP-ASEL-IA     N1NWH
       warlord@MIT.EDU                        PGP key available