
Re: How do IKE peers synchronize public keys?



Tero Kivinen wrote:
> 
> If the certificates both are for the same public key this is ok, and
> it doesn't matter which one the initiator uses. If the public key is
> different, then I think the responder MUST not send two end user
> certificates, only one.
> 


Looking at the ISAKMP draft once again, it says:

"The responder to the Certificate Request payload MUST
send its certificate, if certificates are supported, based on the values
contained in the payload.  If multiple certificates are required, then
multiple Certificate Request payloads SHOULD be transmitted."

The wording contradicts what we think an implementation should do...

 Sara.

