Re: Remove little-used algorithms from IKEv2
Paul Hoffman / VPNC <paul.hoffman@vpnc.org> Fri, 15 March 2002 04:51 UTC
Received: from lists.tislabs.com (portal.gw.tislabs.com [192.94.214.101]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g2F4p8406809; Thu, 14 Mar 2002 20:51:08 -0800 (PST)
Received: by lists.tislabs.com (8.9.1/8.9.1) id XAA08755 Thu, 14 Mar 2002 23:05:17 -0500 (EST)
Mime-Version: 1.0
X-Sender: phoffvpnc@mail.vpnc.org
Message-Id: <p05101419b8b725b9a370@[165.227.249.20]>
In-Reply-To: <sjm663yzkz3.fsf@kikki.mit.edu>
References: <p0510140ab8b6a4514ed7@[165.227.249.20]> <sjm663yzkz3.fsf@kikki.mit.edu>
Date: Thu, 14 Mar 2002 20:16:54 -0800
To: Derek Atkins <warlord@mit.edu>
From: Paul Hoffman / VPNC <paul.hoffman@vpnc.org>
Subject: Re: Remove little-used algorithms from IKEv2
Cc: ipsec@lists.tislabs.com
Content-Type: text/plain; charset="us-ascii"; format="flowed"
Sender: owner-ipsec@lists.tislabs.com
Precedence: bulk
At 8:19 PM -0500 3/14/02, Derek Atkins wrote: >Paul Hoffman / VPNC <paul.hoffman@vpnc.org> writes: > >> In the same vein, all certificate formats other than #4 (X.509 >> Certificate - Signature) should be deprecated as well. "PKCS #7 >> wrapped X.509 certificate" is particularly bad given that there is no >> standard for how to "wrap" a certificate. > >I'm not sure I agree with the first statement here. I'm willing to be >convinced, but I think PGP certificates and maybe raw RSA keys are >both reasonable as well. PGP certificates seem to be in permanent experimental state with no customer demand for them. The same is true for bare RSA keys. Yes, there are probably some people who want them, but there are some people who might want any of the features we are removing. PGP certs don't have any better security features than PKIX certs, and bare RSA keys have fewer security features that PKIX certs. --Paul Hoffman, Director --VPN Consortium
- Remove little-used algorithms from IKEv2 Paul Hoffman / VPNC
- RE: Remove little-used algorithms from IKEv2 Hallam-Baker, Phillip
- RE: Remove little-used algorithms from IKEv2 Henry Spencer
- Re: Remove little-used algorithms from IKEv2 Paul Koning
- Re: Remove little-used algorithms from IKEv2 Dan McDonald
- RE: Remove little-used algorithms from IKEv2 Paul Hoffman / VPNC
- Re: Remove little-used algorithms from IKEv2 Paul Hoffman / VPNC
- RE: Remove little-used algorithms from IKEv2 Hallam-Baker, Phillip
- Re: Remove little-used algorithms from IKEv2 Derek Atkins
- Re: Remove little-used algorithms from IKEv2 Paul Hoffman / VPNC
- Re: Remove little-used algorithms from IKEv2 Uri Blumenthal
- Re: Remove little-used algorithms from IKEv2 Paul Hoffman / VPNC
- Re: Remove little-used algorithms from IKEv2 Henry Spencer
- Re: Remove little-used algorithms from IKEv2 Paul Koning
- RE: Remove little-used algorithms from IKEv2 Hallam-Baker, Phillip
- Re: Remove little-used algorithms from IKEv2 Stephane Beaulieu
- RE: Remove little-used algorithms from IKEv2 Paul Hoffman / VPNC
- Re: Remove little-used algorithms from IKEv2 Dan McDonald