Re: comments on draft-ietf-ipsec-pki-req-01.txt - alternate names
Joern Sierwald <joern.sierwald@datafellows.com> Thu, 10 September 1998 12:40 UTC
Received: (from majordom@localhost) by portal.ex.tis.com (8.8.2/8.8.2) id IAA23251 for ipsec-outgoing; Thu, 10 Sep 1998 08:40:35 -0400 (EDT)
Message-Id: <3.0.5.32.19980910155808.00a383f0@smtp.datafellows.com>
X-Sender: joern@smtp.datafellows.com
X-Mailer: QUALCOMM Windows Eudora Pro Version 3.0.5 (32)
Date: Thu, 10 Sep 1998 15:58:08 +0300
To: Rodney Thayer <rodney@tillerman.nu>
From: Joern Sierwald <joern.sierwald@datafellows.com>
Subject: Re: comments on draft-ietf-ipsec-pki-req-01.txt - alternate names
Cc: ipsec@tis.com
In-Reply-To: <199809101109.HAA00656@2gn.com>
References: <199809101154.OAA09700@torni.ssh.fi> <199809092123.RAA30098@2gn.com> <35F56A73.E0376BE8@cale.checkpoint.com> <199809092123.RAA30098@2gn.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by portal.ex.tis.com id IAA23248
Sender: owner-ipsec@ex.tis.com
Precedence: bulk
At 08:11 10/09/98 -0400, you wrote: >So a random packet from an illegitimate address identified with >a certificate from example.com (a defined-to-be-invalid domain) is fine? Do you trust the CA that signed the certificate? Is the certificate still valid? If you answer both questions with "yes", it is fine. >So the actual identity and the sanity of that identity are irrelevant? You don't check the "sanity of that identity". The CA should do. You just check the sanity of the CA. Jörn Sierwald
- comments on draft-ietf-ipsec-pki-req-01.txt - alt… Moshe Litvin
- Re: comments on draft-ietf-ipsec-pki-req-01.txt -… Michael C. Richardson
- Re: comments on draft-ietf-ipsec-pki-req-01.txt -… Rodney Thayer
- Re: comments on draft-ietf-ipsec-pki-req-01.txt -… Tero Kivinen
- Re: comments on draft-ietf-ipsec-pki-req-01.txt -… Rodney Thayer
- Re: comments on draft-ietf-ipsec-pki-req-01.txt -… Joern Sierwald
- Re: comments on draft-ietf-ipsec-pki-req-01.txt -… Tero Kivinen
- Re: comments on draft-ietf-ipsec-pki-req-01.txt -… Steven M. Bellovin
- Re: comments on draft-ietf-ipsec-pki-req-01.txt -… Moshe Litvin
- Re: comments on draft-ietf-ipsec-pki-req-01.txt -… Dave Mason
- Re: comments on draft-ietf-ipsec-pki-req-01.txt -… Rodney Thayer
- RE: comments on draft-ietf-ipsec-pki-req-01.txt -… Rodney Thayer
- Re: comments on draft-ietf-ipsec-pki-req-01.txt -… Rodney Thayer
- Re: comments on draft-ietf-ipsec-pki-req-01.txt -… Rodney Thayer
- Re: comments on draft-ietf-ipsec-pki-req-01.txt -… Michael C. Richardson
- Re: comments on draft-ietf-ipsec-pki-req-01.txt -… bmanning
- Re: comments on draft-ietf-ipsec-pki-req-01.txt -… Dave Mason
- Re: comments on draft-ietf-ipsec-pki-req-01.txt -… Rizwan Mallal
- RE: comments on draft-ietf-ipsec-pki-req-01.txt -… Dave Mason
- Re: comments on draft-ietf-ipsec-pki-req-01.txt -… Rodney Thayer
- Re: comments on draft-ietf-ipsec-pki-req-01.txt -… C. Harald Koch
- Re: comments on draft-ietf-ipsec-pki-req-01.txt -… Rodney Thayer
- Re: comments on draft-ietf-ipsec-pki-req-01.txt -… Michael C. Richardson
- Re: comments on draft-ietf-ipsec-pki-req-01.txt -… Dave Mason
- Re: comments on draft-ietf-ipsec-pki-req-01.txt -… Rodney Thayer