[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: Certificate Requesting

To: "'Theodore Y. Ts'o'" <tytso@MIT.EDU>
Subject: RE: Certificate Requesting
From: Greg Carter <greg.carter@entrust.com>
Date: Sun, 22 Feb 1998 14:51:49 -0500
Cc: "'IPSEC Mailing List'" <ipsec@tis.com>, "'Dan Harkins'" <dharkins@cisco.com>, "'Roy Pereira'" <rpereira@TimeStep.com>
Sender: owner-ipsec@ex.tis.com

>----------
>From: 	Theodore Y. Ts'o[SMTP:tytso@MIT.EDU]
>Sent: 	Friday, February 20, 1998 11:53 PM
>To: 	Greg Carter
>Cc: 	'IPSEC Mailing List'; 'Dan Harkins'; 'Roy Pereira'
>Subject: 	Re: Certificate Requesting
>
>   From: Greg Carter <greg.carter@entrust.com>
>   Date: Fri, 20 Feb 1998 18:54:31 -0500
>
>You may not like it, but the ISAKMP document is pretty clear on this
>point:
>
>>The Certificate Request payloads MUST be accepted at any point
>>during the exchange.  The responder to the Certificate Request payload
>>MUST send its immediate certificate, if certificates are supported, and
>>SHOULD send as much of its certificate chain as possible.  

Thanks you just made my point.  Like it says "any point during the
exchange".
I would not interpret this to mean that I can arbitrarily extend the
exchange. There is plenty of opportunity to send the cert request during
the defined exchange. 

Bye.
Greg "Ralph Spice" Carter
My cat's breath smells like cat food...
greg.carter@entrust.com






>

Follow-Ups:

Re: Certificate Requesting

From: "Theodore Y. Ts'o" <tytso@MIT.EDU>

Prev by Date: RE: Regrouping for IPSEC WORKING GROUP LAST CALL
Next by Date: Re: IPSEC WORKING GROUP LAST CALL
Prev by thread: Re: Certificate Requesting
Next by thread: Re: Certificate Requesting
Index(es):
- Main
- Thread