
questions: key length & cert retrieve: draft-ietf-ipsec-pki-req-01.txt



I'm new, don't know enough, and have two questions.

1) In section 2.2, it is stated

	All the certificates used in the IPSec device and the PKI must 
	be of the same key length.

So, for example, I can't have a CA with a 2048-bit key sign a cert with a
1024-bit key for my IPsec device. Why?

2) In section 3.2, it is stated

	IPSec devices MUST be able to retrieve their own fulfilled
	certificates, signing certificates for other IPSec devices, and
	identification certificates for other IPSec devices.

Does this mean that, from an IPsec device, I can query the certs of other IPsec
devices even without establishing any communication with them?

Yung-Kao Hsu
Lucent Technologies

