Re: comments on draft-ietf-ipsec-pki-req-01.txt - alternate names

Dave Mason <dmason@tis.com> Mon, 14 September 1998 16:22 UTC

Date: Mon, 14 Sep 1998 12:42:47 -0400
From: Dave Mason <dmason@tis.com>
Message-Id: <199809141642.MAA25689@rubicon.rv.tis.com>
To: rodney@tillerman.nu
Cc: ipsec@tis.com
Subject: Re: comments on draft-ietf-ipsec-pki-req-01.txt - alternate names

>>
>>Could you change the wording of the third paragraph of section 3.2 to say:
>>
>>A root signing certificate
>>  ^^^^
>
>No.  If it's not at the top of the hierarchy then it's not a root.
>Been there, got that wrong.  You might not like my mandating 8 layers, and
>that's fine, but
>I am positive we'll need to deal with more than one-layer hierarchies.

Without the "root" specification, this paragraph (as well as the last
sentence of the second paragraph in section 3.3) precludes the sending
of certificate chains via IKE (which is fine with me since the proper
handling of chains received via IKE is not a simple matter :).

-dmason