Re: comments on draft-ietf-ipsec-pki-req-01.txt - alternate names
Rodney Thayer <rodney@tillerman.nu> Fri, 11 September 1998 01:03 UTC
Date: Thu, 10 Sep 1998 21:14:08 -0400
To: Joern Sierwald <joern.sierwald@datafellows.com>
From: Rodney Thayer <rodney@tillerman.nu>
Subject: Re: comments on draft-ietf-ipsec-pki-req-01.txt - alternate names
Cc: ipsec@tis.com

It's an IP _Security_ gateway. It's in the protection business. If it finds something funny about anything (like the wrong cert coming from the wrong place) it should do something. It's supposed to be protecting against, for example, IP address spoofing or use of a stolen router.

At 03:58 PM 9/10/98 +0300, you wrote:
>At 08:11 10/09/98 -0400, you wrote:
>
>>So a random packet from an illegitimate address identified with
>>a certificate from example.com (a defined-to-be-invalid domain) is fine?
>
>Do you trust the CA that signed the certificate? Is the certificate
>still valid?
>If you answer both questions with "yes", it is fine.
>
>>So the actual identity and the sanity of that identity are irrelevant?
>
>You don't check the "sanity of that identity". The CA should do.
>You just check the sanity of the CA.
>
>Jörn Sierwald
>