[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Work around using SPKI certificates instead of X509

To: clynn@bbn.com
Subject: Work around using SPKI certificates instead of X509
From: SALLE Mathias <matsal@hplb.hpl.hp.com>
Date: Fri, 20 Nov 1998 17:37:54 +0000
Cc: ipsec@tis.com
Sender: owner-ipsec@ex.tis.com

hi,

REFERENCE: ipsec drafts, SPKI drafts
PROBLEM:
 Is it possible to use ISAKMP/Oakley to establish an SA and at the same
time exchange users SPKI certificates, this in a context of a Host to
Host mode.

QUESTION:
 Is there any work around using SPKI certificates instead of X509
certificates in ISAKMP?

 If no, would it be possible to use Certificate Request Payload and
Certificate Payload to exchange SPKI certificates? Is there any drafts
on that?

 The Extended Authentication Within ISAKMP/OAkley
<draft-ietf-ipsec-isakmp-xauth-03.txt> describe different authentication
methods but none of them are related to this problem.

I will appreciate all your comments,

thanks

regards,

mathias
-- 
___________________________________________
Mathias SALLE
Networked Systems Dpt.
Hewlett-Packard Research Labs
Filton Road
Stoke Gifford
Bristol  BS12 6QZ, UK

E-mail: matsal@otter.hpl.hp.com
Tel   : +44 (0)117 922 9753
___________________________________________

Follow-Ups:

Re: Work around using SPKI certificates instead of X509

From: Michael Richardson <mcr@sandelman.ottawa.on.ca>

Prev by Date: Re: need of information on a selector field
Next by Date: BOUNCE ipsec@portal.ex.tis.com: Non-member submission from [Will Price <wprice@cyphers.net>]
Prev by thread: Security Policy System Draft and Reference Implementation
Next by thread: Re: Work around using SPKI certificates instead of X509
Index(es):
- Main
- Thread