[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: multiple payloads via "ID_LIST"

To: "Michael C. Richardson" <mcr@sandelman.ottawa.on.ca>
Subject: Re: multiple payloads via "ID_LIST"
From: "Scott G. Kelly" <sgkelly@ix.netcom.com>
Date: Sun, 20 Sep 1998 11:27:36 -0700
CC: ipsec@tis.com
References: <199809182200.SAA08862@istari.sandelman.ottawa.on.ca>
Reply-To: skelly@redcreek.com
Sender: owner-ipsec@ex.tis.com

Michael C. Richardson wrote:

> >>>>> "Rodney" == Rodney Thayer <rodney@tillerman.nu> writes:
>
>     Rodney> I like this.  What would you want the cert to have in it?
>     Rodney> (Again, all I'm asking is how you want people to decide which
>     Rodney> cert to use given this payload...)

I'm still thinking about your proposal, and while I like the simplicity, there is
one remaining issue: neither my nor your proposal addresses port/protocol lists.
This is a difficult issue, because these are currently tied to the other address
type payloads. My thinking up to this point uncovers no simple, clean way to add
these without either altering existing payloads (which is almost certain to provoke
strong resistance), or adding new ones. Have you considered this problem?

Scott

References:

multiple payloads via "ID_LIST"

From: "Michael C. Richardson" <mcr@sandelman.ottawa.on.ca>

Prev by Date: multiple payloads via "ID_LIST"
Next by Date: Re: issues with IKE that need resolution
Prev by thread: multiple payloads via "ID_LIST"
Next by thread: Re: multiple payloads via "ID_LIST"
Index(es):
- Main
- Thread