[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: Starting the decision on PIC vs. GetCert

To: "Robert Moskowitz" <rgm-sec@xxxxxxxxxxxxxxx>, "Ari Huttunen" <Ari.Huttunen@xxxxxxxxxxxx>, "Sara Bitan" <sarab@xxxxxxxxxxxx>
Subject: RE: Starting the decision on PIC vs. GetCert
From: "Bernard Aboba" <aboba@xxxxxxxxxxxxx>
Date: Mon, 12 Feb 2001 23:06:15 -0800
Cc: "IPSRA list" <ietf-ipsra@xxxxxxxx>, "Paul Hoffman" <phoffman@xxxxxxxx>
Importance: Normal
In-reply-to: <>
List-archive: <http://www.vpnc.org/ietf-ipsra/mail-archive/>
List-id: <ietf-ipsra.vpnc.org>
List-unsubscribe: <mailto:ietf-ipsra-request@vpnc.org?body=unsubscribe>
Sender: owner-ietf-ipsra@xxxxxxxxxxxxx

>when do you think it should occur (as part of authentication of client to
>AS or as part of receving cert).

My opinion: as part of receiving the cert. EAP authentication methods such
as SecurID are already specified and thus cannot be changed so as to push
policies. So this needs to be done outside of the EAP authentication
process.

Follow-Ups:
- RE: Starting the decision on PIC vs. GetCert
  - From: Yaron Sheffer

References:
- Re: Starting the decision on PIC vs. GetCert
  - From: Robert Moskowitz

Prev by Date: Re: Starting the decision on PIC vs. GetCert
Next by Date: Re: Starting the decision on PIC vs. GetCert
Previous by thread: Re: Starting the decision on PIC vs. GetCert
Next by thread: RE: Starting the decision on PIC vs. GetCert
Index(es):
- Date
- Thread