[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: I-D ACTION:draft-ietf-ipsec-pki-req-03.txt



At 04:35 PM 10/25/99 -0700, Brian Korver wrote:
>Why require that extendedKeyUsage be mandatory at all?

To identify the cert as being for IKE. I've been told that today's IKE 
systems use this OID as identification. I believe we should have *one* OID 
for all IKE implementations, and not try to slice and dice between "client" 
and "gateway" and so on.

Are there any IPsec implementations using the IPsec OIDs specified in RFC 
2459? Are there any implementations that require the use of other OIDs, 
like IKEend (1.3.6.1.5.5.8.2.1)?

--Paul Hoffman, Director
--VPN Consortium



Follow-Ups: References: