[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: ISAKMP Query
It is the binary ASN.1 DER encoding of the DN of the CA. Not the entire
certificate.
Bye.
----
Greg Carter, Entrust Technologies
greg.carter@entrust.com
> ----------
> From: Jesse Walker[SMTP:jwalker@shiva.com]
> Sent: Friday, January 15, 1999 3:50 PM
> To: ipsec@tis.com
> Subject: ISAKMP Query
>
>
> There is no definition of what the "Distinguished Name encoding" might be
> in this or any of the other ISAKMP-related RFCs. RFC 2407 does give an
> encoding for distinguished names, but only in the context of the ID
> payload. Further, the cisco reference implementation seems to include the
> entire certificate of the CA, using the encodings defined for a
> Certificate
> Request. The discussion at PKI night at the Binghamton Bakeoff also
> pointed
> to encoding the entire CA certificate into the payload and not less. But
> the RFC does not say to use the CA's certificate.
>
> What is the correct interpretation of this text?
>
>