[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

JFK ID payload

To: ipsec@lists.tislabs.com
Subject: JFK ID payload
From: Eric Rescorla <ekr@rtfm.com>
Date: Tue, 05 Mar 2002 04:21:32 -0800
Sender: owner-ipsec@lists.tislabs.com

Section 4.2 of the new draft specifies the value of the ID payload as:

   IDi and IDr is expressed as a single octet specifying the type of
   ID used, followed by the ID material. The following ID types are
   specified.

   ID tag  Meaning
   1       A bundle of one or more PKIX certificates, CRLs, and OCSP
           responses, concatenated.

While this may work in theory, it will be difficult to implement
correctly, since the recipient will be forced to partially parse
the BER of each element in order to determine what type of entity
he's dealing with. In general it would probably be better for
JFK to separate and tag each entity.

-Ekr

Follow-Ups:
- Re: JFK ID payload
  - From: "Angelos D. Keromytis" <angelos@cs.columbia.edu>

Prev by Date: I-D ACTION:draft-ietf-ipsec-esp-v3-02.txt
Next by Date: RE: NAT Traversal
Prev by thread: I-D ACTION:draft-ietf-ipsec-esp-v3-02.txt
Next by thread: Re: JFK ID payload
Index(es):
- Date
- Thread