RE: comments on draft-ietf-ipsec-pki-req-01.txt - alternate names

Dave Mason <dmason@tis.com> Sat, 12 September 1998 08:15 UTC

Received: (from majordom@localhost) by portal.ex.tis.com (8.8.2/8.8.2) id EAA00140 for ipsec-outgoing; Sat, 12 Sep 1998 04:15:54 -0400 (EDT)
Date: Fri, 11 Sep 1998 12:37:26 -0400
From: Dave Mason <dmason@tis.com>
Message-Id: <199809111637.MAA11444@rubicon.rv.tis.com>
To: rodney@tillerman.nu
Cc: ipsec@tis.com
Subject: RE: comments on draft-ietf-ipsec-pki-req-01.txt - alternate names
Sender: owner-ipsec@ex.tis.com
Precedence: bulk

>It seems to me that all this "but the CA said it was ok" logic ignores the possibility that the private key might be stolen.  I am not arguing with the fact the CA said it was ok, I am thinking about the case where the situation has changed, and, for example, the private key got stolen (i.e. the router was stolen and is now sitting on some other network with a different IP address.)

If it's marked as a non-mobile certificate in the policy database, the
database would restrict the IP addresses allowed for the remote end.
Having the IP address in the certificate might shrink the policy database
a little (but probably not) and would just enlarge the certificate.

-dmason
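
The policy-database check described in the reply above, as an added example that is not part of the original message or of the draft under discussion. The subject names, address ranges, the `PolicyEntry` layout and the default-deny behaviour are constructed assumptions, and certificate chain validation is assumed to have already succeeded.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class PolicyEntry:
    mobile: bool              # assumption: mobile entries carry no address restriction
    allowed_nets: tuple = ()  # networks a non-mobile peer may connect from

# Constructed policy database, keyed by the subject of a validated certificate.
POLICY_DB = {
    "CN=router1.example.com": PolicyEntry(
        mobile=False,
        allowed_nets=(ipaddress.ip_network("192.0.2.0/28"),),
    ),
    "CN=laptop7.example.com": PolicyEntry(mobile=True),
}

def peer_allowed(subject, peer_ip, policy_db=POLICY_DB):
    """Decide whether a peer presenting `subject` may connect from `peer_ip`.

    The address binding lives in the local policy, not in the certificate,
    so a stolen key used from another network fails here even though the
    CA's signature on the certificate still verifies.
    """
    entry = policy_db.get(subject)
    if entry is None:
        return False, "no policy entry"  # assumption: default deny
    if entry.mobile:
        return True, "mobile certificate, any address"
    try:
        addr = ipaddress.ip_address(peer_ip)
    except ValueError:
        return False, "unparseable peer address"
    if any(addr in net for net in entry.allowed_nets):
        return True, "address within non-mobile restriction"
    return False, "non-mobile certificate from unexpected address"

if __name__ == "__main__":
    # Constructed cases: the router at home, the same key on a foreign
    # network, and a mobile client on an arbitrary address.
    for subject, ip in [
        ("CN=router1.example.com", "192.0.2.5"),
        ("CN=router1.example.com", "198.51.100.9"),
        ("CN=laptop7.example.com", "203.0.113.77"),
    ]:
        print(subject, ip, peer_allowed(subject, ip))
```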