
Re: Certificate Requesting




>>>>> "Robert" == Robert Moskowitz <rgm-sec@htt-consult.com> writes:
    Robert> After the exchange, one or both systems might not have
    Robert> established authentication, because either the wrong cert and
    Robert> chain was sent, or the cert chain ended at the root, and did not
    Robert> proceed along the cross-cert link to the trusted third party
    Robert> root.  Thus there is a need to issue a cert-req and tell the
    Robert> other party, 'give me a cert plus chain that goes back to one of
    Robert> these DNs' (either a list of trusted roots, or your CA's root
    Robert> plus the TTP's root).

  I think we must permit IKE exchanges to continue until enough certs
have been exchanged.

   :!mcr!:            |  Sandelman Software Works Corporation, Ottawa, ON  
   Michael Richardson |Network and security consulting and contract programming
 Personal: mcr@sandelman.ottawa.on.ca <http://www.sandelman.ottawa.on.ca/People/Michael_Richardson/Bio.html>. PGP key available.
 Corporate: sales@sandelman.ottawa.on.ca <http://www.sandelman.ottawa.on.ca/SSW/>.
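
The chain selection described in the quoted text, answering a cert-req that lists acceptable root DNs by following the cross-cert link instead of stopping at the sender's own root, as an added sketch that is not part of the original thread. The `Cert` tuple, the DNs and `select_chain` are constructed for illustration; only DN matching is shown, with no signature or validity checking.

```python
from collections import deque, namedtuple

# Simplified certificate: subject and issuer DNs only (assumption for this sketch).
Cert = namedtuple("Cert", "subject issuer")


def select_chain(end_entity, store, acceptable_dns):
    """Return the shortest chain [end_entity, ...] whose last cert was issued
    by one of acceptable_dns, or None if the store holds no such path."""
    acceptable = set(acceptable_dns)
    queue = deque([[end_entity]])
    seen = {end_entity}
    while queue:
        chain = queue.popleft()
        tip = chain[-1]
        if tip.issuer in acceptable:
            return chain  # requester already holds this issuer as a trust anchor
        # Follow every cert issued to the tip's issuer, cross-certs included.
        # The seen set stops self-signed roots and cross-cert loops from cycling.
        for cert in store:
            if cert.subject == tip.issuer and cert not in seen:
                seen.add(cert)
                queue.append(chain + [cert])
    return None


# Constructed sample data: a gateway cert, its own CA root, and a cross-cert
# issued to that CA by a trusted third party (TTP) root.
GW = Cert("CN=gw.orga.example", "CN=OrgA Root")
ORGA_ROOT = Cert("CN=OrgA Root", "CN=OrgA Root")   # self-signed
CROSS = Cert("CN=OrgA Root", "CN=TTP Root")        # cross-cert link
STORE = [ORGA_ROOT, CROSS]

if __name__ == "__main__":
    # Peer trusts only the TTP root: the chain must include the cross-cert.
    print(select_chain(GW, STORE, ["CN=TTP Root"]))
    # Peer trusts OrgA's root directly: the end-entity cert alone suffices.
    print(select_chain(GW, STORE, ["CN=OrgA Root"]))
    # Peer trusts an unrelated root: no chain can satisfy the request.
    print(select_chain(GW, STORE, ["CN=Unrelated Root"]))
```
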



