|
|
| Applications |
| Mailing Lists |
| Miscellaneous |
| Operating Systems |
| Programming |
Re: linux-ipsec: Re: your mail
Date: Wed Dec 02 1998 - 07:30:20 EST
Hello,
> On Tue, 1 Dec 1998, John Gilmore wrote:
Basically I agree with John's stepping, while I want to "partition" it a bit more:
> On Tue, 1 Dec 1998, John Gilmore wrote:
> My guess at what needs doing is: First, IKE needs to be able to
Which includes to recognize requested auth. mode, "payload-payload"-en-/decryption, support of CERT payloads (possibly some more things) - I'd suppose this requires some major redesign of pluto's protocol engine (Hugh Redelmeier, what would you say?)
> Once it can do that, then, IKE needs to do a DNS lookup to get an
Until that, are we interoperable for PKE/SIG, yet?
> Once it can do that, we'll need a few utilities for easily
Hmm, only for public keys of entities stored in "DNS certificate hierarchy", right? Advantage is, that the whole verification process is done by the resolver lib.
But I'd argue that we later should support at least X.509/PKIX certificates, too (for that part, SSLeay might be a good starting point). These certificates can be retireved by IKE itself (CERT payload), from DNS (which is serving as a directory service here) or by LDAP from any "independent" directory service.
Greetings
Kai
# Kai Martius # # Dpt. of Medical CS and Biometrics / Dresden University of Technology # # PGP Fingerprint: to be compared after download of my key # # Key and more info (especially IP-security related) see my Homepage # # http://www.imib.med.tu-dresden.de/imib/personal/kai.html #Received on Wed Dec 2 09:04:21 1998
This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 12:59:08 EDT
|
Contact Us Legal Notices Order Services Online Pantek Home Privacy Policy IT news Site Map Pantek Library |