Re: Certificate Requesting
>>>>> "Robert" == Robert Moskowitz <rgm-sec@htt-consult.com> writes:
Robert> After the exchange, one or both systems might not have
Robert> established authentication, because either the wrong cert and
Robert> chain was sent, or the cert chain ended at the root, and did not
Robert> proceed along the cross-cert link to the trusted third party
Robert> root. Thus there is a need to issue a cert-req and tell the
Robert> other party, 'give me a cert plus chain that goes back to one of
Robert> these DNs' (either a list of trusted roots, or your CA's root
Robert> plus the TTP's root).
I think we must permit IKE exchanges to continue until enough certs
have been exchanged.
:!mcr!: | Sandelman Software Works Corporation, Ottawa, ON
Michael Richardson |Network and security consulting and contract programming
Personal: mcr@sandelman.ottawa.on.ca (http://www.sandelman.ottawa.on.ca/People/Michael_Richardson/Bio.html). PGP key available.
Corporate: sales@sandelman.ottawa.on.ca (http://www.sandelman.ottawa.on.ca/SSW/).
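
An added example, not part of the original message or of any IKE implementation: how a responder could choose the chain to send when a cert-req names acceptable DNs, including the path over a cross-cert to the trusted third party root. Certificates are reduced to subject/issuer DN pairs with no signature checking, and all DNs and the names `Cert`, `build_chain` and `demo` are made up for illustration.

```python
from collections import deque, namedtuple

# Simplified certificate: only the subject and issuer DNs matter here.
# Signatures, validity periods and constraints are deliberately not modelled.
Cert = namedtuple("Cert", "subject issuer")

def build_chain(leaf, store, acceptable_dns):
    """Return the shortest list of certs from `leaf` up to a cert issued by
    one of `acceptable_dns`, or None if no such path exists in `store`."""
    by_subject = {}
    for c in store:
        by_subject.setdefault(c.subject, []).append(c)
    queue = deque([[leaf]])
    seen = {leaf}
    while queue:
        chain = queue.popleft()
        tip = chain[-1]
        if tip.issuer in acceptable_dns:
            return chain
        if tip.issuer == tip.subject:
            continue  # self-signed root the peer did not ask for: dead end
        for parent in by_subject.get(tip.issuer, []):
            if parent not in seen:
                seen.add(parent)
                queue.append(chain + [parent])
    return None

# Constructed sample data (hypothetical DNs).
LEAF = Cert("CN=gw1,O=Alpha", "CN=Alpha Issuing CA,O=Alpha")
STORE = [
    LEAF,
    Cert("CN=Alpha Issuing CA,O=Alpha", "CN=Alpha Root,O=Alpha"),
    Cert("CN=Alpha Root,O=Alpha", "CN=Alpha Root,O=Alpha"),  # self-signed root
    Cert("CN=Alpha Root,O=Alpha", "CN=TTP Root,O=TTP"),      # cross-cert
]

def demo():
    # Peer lists only the third party's root: the chain must use the cross-cert.
    via_ttp = build_chain(LEAF, STORE, {"CN=TTP Root,O=TTP"})
    # Peer lists Alpha's own root: the leaf and issuing CA cert suffice.
    direct = build_chain(LEAF, STORE, {"CN=Alpha Root,O=Alpha"})
    # Peer lists a DN that cannot be reached: there is no chain to send.
    unreachable = build_chain(LEAF, STORE, {"CN=Other Root,O=Other"})
    return via_ttp, direct, unreachable

if __name__ == "__main__":
    for result in demo():
        print(result)
```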