
Re: PKIX vs draft-ietf-ipsec-pki-req-02.txt



Mark,

IPsec, unlike SSL, has no client or server roles. It is a peer communication protocol. So, I am not so keen to put in distinctions of the sort you mentioned. Also, the following OIDs are from 2459, and they don't contain an "ipsec server" entry:

KeyPurposeId ::= OBJECT IDENTIFIER

-- extended key purpose OIDs
id-kp-serverAuth OBJECT IDENTIFIER ::= { id-kp 1 }
id-kp-clientAuth OBJECT IDENTIFIER ::= { id-kp 2 }
id-kp-codeSigning OBJECT IDENTIFIER ::= { id-kp 3 }
id-kp-emailProtection OBJECT IDENTIFIER ::= { id-kp 4 }
id-kp-ipsecEndSystem OBJECT IDENTIFIER ::= { id-kp 5 }
id-kp-ipsecTunnel OBJECT IDENTIFIER ::= { id-kp 6 }
id-kp-ipsecUser OBJECT IDENTIFIER ::= { id-kp 7 }
id-kp-timeStamping OBJECT IDENTIFIER ::= { id-kp 8 }


I hate to admit it, as co-chair of PKIX, but I'm not sure why we have an ipsecTunnel entry here. User and EndSystem make sense, but not tunnel.

Steve