Re: [Nea] Well into solution space: PA interop

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



>>>>> "Douglas" == Douglas Otis <dotis@xxxxxxxxxxxxxx> writes:

    Douglas> This still seems like too much.  Information offered for
    Douglas> access can be contained within one or more certificates.
    Douglas> The information within these certificates should be
    Douglas> limited to a minimal set of values:

    Douglas> 1) creator 2) class 3) user-host 4) time-stamp 5) update
    Douglas> resources

    Douglas> The essential information would be the
    Douglas> creator/class/user-host/time- stamp fields.  When
    Douglas> protection is not enabled or is buggered, then a newer
    Douglas> certificate should not be offered.  The virus definitions
    Douglas> or patch updates can be deduced from the time-stamp or by
    Douglas> extensions added to class, i.e. AVX-VISTA-37.  If a
    Douglas> vulnerability is reported subsequent to the time-stamp
    Douglas> regarding the creator/class of service, then a new
    Douglas> certificate could be required.  This would simplify
    Douglas> tracking at the access point.  By keeping the information
    Douglas> exchanged and decisions limited to this minimal
    Douglas> information, NEA should provide a valuable services in
    Douglas> many environments.


How do I get a new cert if mine is expired?  Go for remediation and
get it there?

I actually like a lot of what you specify.


_______________________________________________

Ietf@xxxxxxxx
https://www1.ietf.org/mailman/listinfo/ietf

[Index of Archives]     [IETF Annoucements]     [IETF]     [IP Storage]     [Yosemite News]     [Linux SCTP]     [Linux Newbies]     [Fedora Users]