[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: Centralized Scheme versus Basic Authentication Scheme

To: ietf-pkix@xxxxxxx, "'Stefan_Salzmann/HAM/Lotus@xxxxxxxxx'" <Stefan_Salzmann/HAM/Lotus@xxxxxxxxx>
Subject: RE: Centralized Scheme versus Basic Authentication Scheme
From: Carlisle Adams <carlisle.adams@xxxxxxxxxxx>
Date: Wed, 14 Oct 1998 17:38:46 -0400
Sender: owner-ietf-pkix@xxxxxxx

Hi Stefan,

> ----------
> From:
> Stefan_Salzmann/HAM/Lotus@lotus.com[SMTP:Stefan_Salzmann/HAM/Lotus@lot
> us.com]
> Sent: 	Tuesday, October 13, 1998 9:39 AM
> To: 	ietf-pkix@imc.org
> Subject: 	Centralized Scheme versus Basic Authentication Scheme
> 
> Hello once again,
> 
> wouldn´t it be better as well as easier to use the centralized scheme
> instead
> using the basic authentication scheme:
> 
It may well be easier, but "better" depends upon your environment...

> In Draft draft-ietf-pkix-ipki3cmp-08.txt Certificate Management
> Protocols the
> basic authentication scheme MUST be used. So why not using the easier
> centralized scheme.
> 
> Thanks for answering,
> Stefan
> 
Many people object to the idea that the CA generates all key pairs (for
a variety of reasons, including the absence of strong non-repudiation
arguments).  Therefore, making the centralized scheme the mandatory
scheme was totally unacceptable to a large number of interested parties.


--------------------------------------------
Carlisle Adams
Entrust Technologies
cadams@entrust.com
--------------------------------------------

Prev by Date: Re: We Buy Anything!
Next by Date: RE: NEW Data type for certificate selection ?
Previous by thread: Centralized Scheme versus Basic Authentication Scheme
Next by thread: CA strong binds
Index(es):
- Date
- Thread