[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: CERT REQ payload Handling Clarification

To: "Suresh Singh K." <sureshsingh.keisam@analog.com>, <ipsec@lists.tislabs.com>
Subject: Re: CERT REQ payload Handling Clarification
From: Ramana Yarlagadda <ramana.yarlagadda@analog.com>
Date: Wed, 31 Jul 2002 15:34:25 -0700
In-Reply-To: <018a01c238be$7c244a50$5a8b4789@pcuclinux>
Sender: owner-ipsec@lists.tislabs.com

Hi,

I think we have to use only DER encoding here and not the BER.
Becuase the protocol doesn't allow you to negotiate  encoding method .
And so BER encoding is not used in IKE.

-cheers
-ramana

At 11:16 AM 7/31/02 -0700, Suresh Singh K. wrote:

>Hi ,
>      Please clarify the following Issue for CERT REQ payload Handling :
>
>       As the encoding of a CA 's  DN  into the CERT_REQ payload
>is done using BER ,one should be able to encode it using DER only
>(as DER is subset of BER). And the other end's BER decoding  software
>should be able to decode the DER encoding.
>      For decoding , we cannot assume that the other end with always
>encode the CA's DN in DER only. He can encode using the other
>two BER encoding method , in which case we should be able to
>decode any of the 3 encoding method for BER, including DER.
>

References:
- CERT REQ payload Handling Clarification
  - From: "Suresh Singh K." <sureshsingh.keisam@analog.com>

Prev by Date: RE: Clarification of potential NAT multiple client solutions
Prev by thread: CERT REQ payload Handling Clarification
Index(es):
- Date
- Thread