To:
Derek Atkins <warlord@MIT.EDU>
CC:
Paul Hoffman / IMC <phoffman@imc.org>, keydist@cafax.se
From:
Steve Hanna <steve.hanna@sun.com>
Date:
Fri, 04 Jan 2002 16:01:20 -0500
Delivery-Date:
Fri Jan 4 22:03:18 2002
Sender:
owner-keydist@cafax.se
Subject:
Re: From whence we came...
Derek Atkins wrote: > Currently, I can point to SSH and Linux FreeS/WAN (an IPsec > implementation) that do not support certificates and appear to be > very happy not supporting certificates. Similarly, the IPsec > Opportunistic Encryption proposal requires a single, global > insfrastructure for keying information that is tied to IP Addresses. SSHv2 recommends support for X.509v3 certificates for server authentication. Support for SPKI and PGP certificates is optional. The commercial version of SSH 3.0 apparently includes support for client authentication using certificates. So I question your assertion that they are happy not supporting certificates. -Steve