Peter Stamfest wrote:

> What I have in mind is not SSL over UDP. It shares the same ideas,
> though. The problem with SSL for encapsulation of PPP traffic is the
> retransmit problem. Therefore, there is no "standard" SSL involved in what
> I think of. However, the crypto/certificate code of openssl comes in very
> handy...

SKIP w/signed certs instead of UDH is superior to ISAKMP/Oakley in
many respects -- the use of DH shared secrets means that no handshake
is required, secure multicast groups are manageable, etc. SKIP
happened to arise before PKI had any maturity, but the Cert discovery
protocol is outside SKIP itself, and there is provision for extending
it to accommodate different identity types, including X.509v3 identities.

OpenSSL-generated DSA certs are suitable, given the appropriate
DSA parameters.
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
