[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Certificate proposal

Hal writes:
> Bob Smart <[email protected]> writes:
> >Consider the IPSEC case. The current situation is:
> >1. We go through some process, let's call it Process A, where we determine
> >   that we want to talk to IP address
> This would be, say, a DNS lookup on www.egghead.com.

Just thought I'd point out that IPSEC isn't in general going to use
host keys. Its designed to be more general, and I hope that it ends up
being used much more like Kerberos -- i.e. well known service keys and
user keys.