[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: New IPSec Monitoring MIB draft
-----BEGIN PGP SIGNED MESSAGE-----
>>>>> "Tero" == Tero Kivinen <kivinen@ssh.fi> writes:
Tero> Mostly, because that information can be quite large, and getting it
Tero> can be quite hard. Also the management statition etc can do the
Tero> same path validation procedures than the ike did if it wants.
But, maybe the question is, why isn't the ike getting the path right?
Tero> One thing we might want to add is to add table of trusted
Tero> CA-certificates in the MIB, so the management station etc can do
Tero> that path finding itself.
Yes, agreed.
Tero> I just don't see currently any reason to include all of the
Tero> certificates used in the authentication, and including them doesn't
How about just the DN of the certs used?
Actually, I've realized that most of what I want in the MIB is information
on why an SA *failed* to get setup... Will that fit?
:!mcr!: | Network and security consulting/contract programming
Michael Richardson | IPsec, VPN, Firewalls, PKI, network design, Unix admin
Personal: http://www.sandelman.ottawa.on.ca/People/Michael_Richardson/Bio.html
Corporate: http://www.sandelman.ottawa.on.ca/SSW/
ON HUMILITY: To err is human, to moo bovine.
-----BEGIN PGP SIGNATURE-----
Version: 2.6.3ia
Charset: latin1
Comment: Processed by Mailcrypt 3.4, an Emacs/PGP interface
iQDVAwUBNsI1AnMJp3VWzPepAQE4oQX/UkDH8z8SNHOS0sLzYF8KY78TuIYbJ5u5
BmAgAnD+Ba9M2eppnD1TooBxEGDuhxLu4BECki8qNHXcPrqok0v+uxdUuZYY3ITS
rElz1lBsU/26gQuXTfyF3Crld72qPn/ZvD45OByffdtV7K6WhiQB6W/UDHNTMIZr
jvcnklwiyLiY0mtSlX3s2pCyHSMS2MiFbc0WPF8V1BCfxECNxn07a/dcPCUbmh+8
LarucUHBTwSC88C/mvS0wD8qesmdmCGm
=Xu6z
-----END PGP SIGNATURE-----
References: