RE: SA payloads and Next payload

[Greg Carter <greg.carter@entrust.com>]

I had asked for this awhile back, but think it was only in a private
email.  Whatever the case I'll second the request now.
Thanks. 
----
Greg Carter, Entrust Technologies
greg.carter@entrust.com
Get FREE FIPS-140-1 Validated Crypto for the desktop
http://www.entrust.com/solo.htm

>----------
>From: 	dpkemp@missi.ncsc.mil[SMTP:dpkemp@missi.ncsc.mil]
>Sent: 	Wednesday, October 08, 1997 10:39 AM
>To: 	wdm@epoch.ncsc.mil
>Cc: 	ipsec@tis.com; ietf-pkix@tandem.com
>Subject: 	Re: SA payloads and Next payload
>
>Doug,
>
>I've had a request from a customer to add the capability to transmit
>X.509 Attribute Certificates within the ISAKMP Certificate payload.
>Attribute Certs allow authorization information (which may change
>frequently) to be attached to base certs (which are normally updated
>much less frequently), and they allow the authorization administrator
>to operate independently of the Certificate Authority.
>
>Attribute Certificates are defined in the ISO/ITU X.509 standard, but
>have not yet been profiled in the PKIX document series.  There is
>support for doing so, but no one has yet volunteered to do the
>writing :-).
>
>I propose adding the following line to the Cert Encoding field of the
>ISAKMP Certificate payload:
>
>                __________Certificate_Type___________Value___
>                X.509 Certificate - Attribute         10
>
>

---

• Prev by Date: Re: IPsec Architecture -- proposed changes
• Next by Date: Re: IPsec Architecture -- proposed changes
• Prev by thread: RE: SA payloads and Next payload
• Next by thread: Removal of MLS
• Index(es):
  • Main
  • Thread