[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: SA payloads and Next payload
I would also propose this addition to the document. Attribute
Certificates are very handy...
On Wednesday, October 08, 1997 10:40 AM, dpkemp@missi.ncsc.mil
[SMTP:dpkemp@missi.ncsc.mil] wrote:
> Doug,
>
> I've had a request from a customer to add the capability to transmit
> X.509 Attribute Certificates within the ISAKMP Certificate payload.
> Attribute Certs allow authorization information (which may change
> frequently) to be attached to base certs (which are normally updated
> much less frequently), and they allow the authorization administrator
> to operate independently of the Certificate Authority.
>
> Attribute Certificates are defined in the ISO/ITU X.509 standard, but
> have not yet been profiled in the PKIX document series. There is
> support for doing so, but no one has yet volunteered to do the
> writing :-).
>
> I propose adding the following line to the Cert Encoding field of the
> ISAKMP Certificate payload:
>
> __________Certificate_Type___________Value___
> X.509 Certificate - Attribute 10
>
>
> Regards,
> Dave Kemp
>
<snip>