
Re: Certificate Requesting



   Date: Mon, 9 Mar 98 07:43:56 EST
   From: wdm@epoch.ncsc.mil (W. Douglas Maughan)

   Section 4.1 of ISAKMP states that Information Exchanges MUST be
   implemented. Notify Payloads are sent via an Informational Exchange, so
   implementations must handle the Notify messages, including those that
   say MISSING CERTIFICATE or REQUESTED-CERT-UNAVAILABLE (Michael
   Richardson's wording).

   I'm willing to add this as an additional Notify Message Type as long as
   we believe we have *rough* consensus.

Surely handling Informational Exchanges is different from requiring that
*all* notify payloads must be implemented.  Suppose we define new
payloads in the future; existing implementations wouldn't be considered
non-compliant because they failed to anticipate the specification of a
new notify payload.  

In any case, my understanding is that this notify message provides a
message of an informational nature, and so an implementation is allowed
to ignore the message if it so chooses.  In bureaucratese, this gets
roughly translated as "taking the information under advisement".  :-)

(Of course, it shouldn't make like an NT workstation after seeing an
illegally fragmented UDP packet!  That would be Bad.)

							- Ted
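
Added example, not part of the original message or of any implementation discussed in the thread: a receiver that bounds-checks a Notify payload and logs and ignores message types it does not recognize instead of failing. It assumes the Notification payload layout as later published in RFC 2408, section 3.14; the function names, the two-entry KNOWN_TYPES table and the sample payloads are constructed for illustration.

```python
import struct

# Fixed part of an ISAKMP Notification payload (RFC 2408, section 3.14):
# next payload, reserved, payload length, DOI, protocol-id, SPI size, type.
HEADER = struct.Struct("!BBHIBBH")

# Deliberately small table: the types this hypothetical receiver acts on.
KNOWN_TYPES = {1: "INVALID-PAYLOAD-TYPE", 16384: "CONNECTED"}


def parse_notify(payload: bytes):
    """Return the payload fields as a dict, or None if it is malformed."""
    if len(payload) < HEADER.size:
        return None
    _next, _rsvd, length, doi, proto, spi_size, ntype = HEADER.unpack_from(payload)
    # Assumption: the buffer holds exactly one payload, so the declared
    # length must match it and must leave room for the declared SPI.
    if length != len(payload) or HEADER.size + spi_size > length:
        return None
    spi_end = HEADER.size + spi_size
    return {"doi": doi, "protocol_id": proto, "type": ntype,
            "spi": payload[HEADER.size:spi_end], "data": payload[spi_end:]}


def handle_notify(payload: bytes) -> str:
    """Dispatch one Notify payload; never raises on peer-controlled bytes."""
    msg = parse_notify(payload)
    if msg is None:
        return "dropped: malformed"
    name = KNOWN_TYPES.get(msg["type"])
    if name is None:
        # Unrecognized type: record it and carry on with the exchange.
        return f"ignored: unknown type {msg['type']}"
    return f"handled: {name}"


def build_notify(ntype: int, spi: bytes = b"", data: bytes = b"") -> bytes:
    """Construct a sample payload (DOI 1 = IPsec, protocol-id 1 = ISAKMP)."""
    length = HEADER.size + len(spi) + len(data)
    return HEADER.pack(0, 0, length, 1, 1, len(spi), ntype) + spi + data


if __name__ == "__main__":
    samples = [build_notify(16384), build_notify(40000, b"\x01" * 4),
               build_notify(1)[:7], build_notify(1, b"\x02" * 4)[:-2]]
    for sample in samples:
        print(handle_notify(sample))
```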


