[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
questions: key length & cert retrieve: draft-ietf-ipsec-pki-req-01.txt
I'm new, don't know enough, and have two questions.
1) In section 2.2, it is stated
All the certificates used in the IPSec device and the PKI must
be of the same key length.
So, for examples, I can't have a CA with a 2048-bit key signs a cert of
1024-bit key for my IPsec device. Why?
2) In section 3.2, it is stated
IPSec devices MUST be able to retrieve their own fulfilled
certificates, signing certificates for other IPSec devices, and
identification certificates for other IPSec devices.
Does this mean that, from an IPsec device, I can query cert of other IPsec
devices even without establishing any communication to them?
Yung-Kao Hsu
Lucent Technologies
Follow-Ups: