Re: IKEv2 (son-of-ike) draft

Jan Vilhuber <vilhuber@cisco.com> Wed, 21 November 2001 22:07 UTC

Date: Wed, 21 Nov 2001 13:18:17 -0800
From: Jan Vilhuber <vilhuber@cisco.com>
To: Henry Spencer <henry@spsystems.net>
cc: Derek Atkins <warlord@mit.edu>, ipsec@lists.tislabs.com
Subject: Re: IKEv2 (son-of-ike) draft
In-Reply-To: <Pine.BSI.3.91.1011121111035.12699K-100000@spsystems.net>
Message-ID: <Pine.LNX.4.21.0111211317080.16540-100000@janpc-home.cisco.com>

I don't suppose we could get this WG to pick one as a MUST...

jan


On Wed, 21 Nov 2001, Henry Spencer wrote:

> On 21 Nov 2001, Derek Atkins wrote:
> > > ...and now we can't get rid of it and even have group-keys. Gah! What's so
> > > hard about configuring an RSA key?
> > 
> > Lack of a standard way of doing it...  Do you use raw RSA N/e, PGP key
> > format, X.509 format?  If a certificate format (PGP/X.509/etc) what
> > signatures are required, if any?  IKE doesn't specify any of this, and
> > quite frankly a number of implementations do it differently.
> 
> So *pick one*.  Just because there are ten different ways of doing it
> doesn't mean you have to support all ten, or stand there frozen because
> you're unable to make up your mind.
> 
>                                                           Henry Spencer
>                                                        henry@spsystems.net
> 

 --
Jan Vilhuber                                            vilhuber@cisco.com
Cisco Systems, San Jose                                     (408) 527-0847