CRLs
Greg Carter writes:
> So don't send it unless asked, if asked the above covers how. If they ask
> then they can process, so there shouldn't be interop problems. If they ask

If they cannot process CRLs inside IKE, then the implementation is
broken and does not follow the ISAKMP RFC. The ISAKMP RFC says very
clearly that a certificate payload MUST be accepted at any point during
an exchange. The implementation can throw the CRL it received away,
but it must be able to receive certificate payloads anywhere.
--
kivinen@iki.fi Work : +358-9-4354 3218
SSH Communications Security http://www.ssh.fi/
SSH IPSEC Toolkit http://www.ssh.fi/ipsec/
References:
- CRLs
- From: Greg Carter <greg.carter@entrust.com>
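
Added example, not part of the original message or of any implementation it mentions: a receiver that walks the ISAKMP payload chain, accepts a certificate payload wherever it appears, and drops CRL/ARL contents it does not process without failing the exchange. It assumes `body` is the already-decrypted payload area after the ISAKMP header and `first_payload` is that header's Next Payload field; the function names and the sample bytes are constructed for illustration, while the payload type and certificate encoding numbers are those of RFC 2408.

```python
import struct

# Payload types and certificate encodings as numbered in RFC 2408.
PAYLOAD_NONE, PAYLOAD_ID, PAYLOAD_CERT, PAYLOAD_SIG = 0, 5, 6, 9
CERT_ENCODING_CRL, CERT_ENCODING_ARL = 7, 8


def walk_payloads(first_payload, body):
    """Yield (payload_type, payload_data) for each payload in the chain."""
    ptype, off = first_payload, 0
    while ptype != PAYLOAD_NONE:
        if off + 4 > len(body):
            raise ValueError("truncated generic payload header")
        # Generic header: next payload (1), reserved (1), length (2, includes header).
        next_type, _reserved, length = struct.unpack_from("!BBH", body, off)
        if length < 4 or off + length > len(body):
            raise ValueError("bad payload length")
        yield ptype, body[off + 4:off + length]
        ptype, off = next_type, off + length


def handle_message(first_payload, body, crl_supported=False):
    """Return (kept, discarded). Revocation data the receiver cannot use is
    parsed and dropped; it never makes the message itself invalid."""
    kept, discarded = [], []
    for ptype, data in walk_payloads(first_payload, body):
        if ptype == PAYLOAD_CERT:
            if not data:
                raise ValueError("certificate payload without encoding byte")
            encoding = data[0]  # first byte of the payload body
            if encoding in (CERT_ENCODING_CRL, CERT_ENCODING_ARL) and not crl_supported:
                discarded.append((ptype, encoding))
                continue
        kept.append((ptype, data))
    return kept, discarded


def build_payload(next_type, data):
    """Helper for the constructed sample: prepend a generic payload header."""
    return struct.pack("!BBH", next_type, 0, 4 + len(data)) + data


# Constructed sample: ID, then an unrequested CERT payload carrying a CRL, then SIG.
SAMPLE = (build_payload(PAYLOAD_CERT, b"\x02\x00\x00\x00id")
          + build_payload(PAYLOAD_SIG, bytes([CERT_ENCODING_CRL]) + b"constructed-crl")
          + build_payload(PAYLOAD_NONE, b"constructed-signature"))

if __name__ == "__main__":
    print(handle_message(PAYLOAD_ID, SAMPLE))
```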