Re: IKEv2 (son-of-ike) draft

Henry Spencer <henry@spsystems.net> Wed, 21 November 2001 17:09 UTC

Date: Wed, 21 Nov 2001 11:12:22 -0500
From: Henry Spencer <henry@spsystems.net>
To: Derek Atkins <warlord@mit.edu>
cc: ipsec@lists.tislabs.com
Subject: Re: IKEv2 (son-of-ike) draft
In-Reply-To: <sjmbshwduuz.fsf@benjamin.ihtfp.org>
Message-ID: <Pine.BSI.3.91.1011121111035.12699K-100000@spsystems.net>

On 21 Nov 2001, Derek Atkins wrote:
> > ...and now we can't get rid of it and even have group-keys. Gah! What's so
> > hard about configuring an RSA key?
> 
> Lack of a standard way of doing it...  Do you use raw RSA N/e, PGP key
> format, X.509 format?  If a certificate format (PGP/X.509/etc) what
> signatures are required, if any?  IKE doesn't specify any of this, and
> quite frankly a number of implementations do it differently.

So *pick one*.  Just because there are ten different ways of doing it
doesn't mean you have to support all ten, or stand there frozen because
you're unable to make up your mind.

                                                          Henry Spencer
                                                       henry@spsystems.net