[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: SA payloads and Next payload

To: "'dpkemp@missi.ncsc.mil'" <dpkemp@missi.ncsc.mil>, "'wdm@epoch.ncsc.mil'" <wdm@epoch.ncsc.mil>
Subject: RE: SA payloads and Next payload
From: Roy Pereira <rpereira@TimeStep.com>
Date: Wed, 8 Oct 1997 11:34:41 -0400
Cc: "'ipsec@tis.com'" <ipsec@tis.com>
Sender: owner-ipsec@ex.tis.com

I would also propose this addition to the document.  Attribute
Certificates are very handy...

On Wednesday, October 08, 1997 10:40 AM, dpkemp@missi.ncsc.mil
[SMTP:dpkemp@missi.ncsc.mil] wrote:
> Doug,
> 
> I've had a request from a customer to add the capability to transmit
> X.509 Attribute Certificates within the ISAKMP Certificate payload.
> Attribute Certs allow authorization information (which may change
> frequently) to be attached to base certs (which are normally updated
> much less frequently), and they allow the authorization administrator
> to operate independently of the Certificate Authority.
> 
> Attribute Certificates are defined in the ISO/ITU X.509 standard, but
> have not yet been profiled in the PKIX document series.  There is
> support for doing so, but no one has yet volunteered to do the
> writing :-).
> 
> I propose adding the following line to the Cert Encoding field of the
> ISAKMP Certificate payload:
> 
>                 __________Certificate_Type___________Value___
>                 X.509 Certificate - Attribute         10
> 
> 
> Regards,
> Dave Kemp
> 

<snip>

Prev by Date: Re: SA payloads and Next payload
Next by Date: Re: IPsec Architecture -- proposed changes
Prev by thread: Re: SA payloads and Next payload
Next by thread: RE: SA payloads and Next payload
Index(es):
- Main
- Thread