[ietf-enroll] Charter
Paul Hoffman / VPNC
paul.hoffman at vpnc.org
Thu May 1 18:52:27 EDT 2003
At 1:30 PM -0700 5/1/03, Jim Schaad wrote:
>I am agnostic on this term. My main problem with identity is that, for
>me, it implies actual knowledge of who is on the other side. But I can
>see people making the same argument on name. One term that I considered
>using here, and I see is in my vocabulary list is "Entity Label". Would
>you consider this as a better term?
It is better than "name". Also, "identity" can sound like something
that there is just one of. I'm fine with "entity label".
>> I'm not sure why this is here. If I understand the list above, the
>> protocol looks a bit like:
>>
>> Alice: "I'm Alice, here is my keying material, and I want the set of
>> permissions called A."
>> Bob: "I agree with your keying material, therefore I agree you are
>> Alice and you get permissions A."
>>
>> A different model that I think is even more common and
>> expected would be:
>>
>> Alice: "I'm Alice, here is my keying material; what
>> permissions do I get?"
>> Bob: "I agree with your keying material, therefore I agree you are
>> Alice, and I give you permissions A."
>>
>> If people agree with that description, then #3 above is not needed.
>
>I consider both models to be acceptable within the framework. Sometimes
>there is only one thing that can be asked for, sometimes the enrollee
>wants to ask for certain privileges and sometimes the enroller wants to
>say that only some things (which can change over time) can change.
In that case, you need to make #3 optional.
--Paul Hoffman, Director
--VPN Consortium