Re: Adding revised identities to IKEv2



At 8:42 AM -0800 11/8/02, Paul Hoffman / VPNC wrote:
>At 10:46 AM +0100 11/8/02, Francis Dupont wrote:
>>=> there is no agreement about what checks must be done:
>>  - common sense says the identity must be a subject of the certificate
>>    (but this is not clearly specified in IKEv1 and perhaps some
>>     implementations don't perform this check)
>
>That does not follow. There is no standard way for the Subject to be 
>an email address (the way folks do it now is a non-standard hack), 
>there is no standard way for the Subject to be an IP address. I'm 
>not sure, but I think the DC method of doing domain names in the 
>Subject is also a non-standard hack.

I think the use of DC is a "standard hack," i.e., there is an RFC 
defining how to represent any DNS name in this fashion, and it may 
even state that this is the preferred way to do so if you use a DN 
rather than the SubAltname.

Steve
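The check the thread circles around, whether the identity a peer asserts in IKE is actually bound to the certificate it presented, as an added example that is not code from this thread or from any IKE implementation. It models the certificate as an already-parsed Subject (an RDN sequence in ASN.1 order, root-most component first) plus a subjectAltName list, so it runs offline without an ASN.1 parser; the sample Subject and SAN values are constructed, the identity-type names follow the IKE ID payload types, and the dc= reconstruction follows the RFC 2247 convention Steve refers to. subjectAltName is treated as the standard home for DNS names, IP addresses and e-mail addresses; the Subject DN is consulted only for the dc= convention and, if explicitly enabled, the non-standard emailAddress attribute Paul mentions.

```python
"""Binding an IKE identity payload to the presented certificate.

Added example, not code from the thread or any IKE implementation. The
certificate is modelled as an already-parsed Subject (RDN sequence in
ASN.1 order, root first) plus a subjectAltName list, so the check runs
offline; a real gateway would take both from the decoded X.509 certificate.
"""
import ipaddress

# Constructed sample certificate contents (not from a real certificate).
# Subject in ASN.1 RDNSequence order: root-most dc= component first, i.e.
# the reverse of the RFC 2253 string "cn=IKE gateway,dc=gw1,dc=example,dc=com".
SAMPLE_SUBJECT = [("dc", "com"), ("dc", "example"), ("dc", "gw1"),
                  ("cn", "IKE gateway"), ("emailAddress", "ops@example.com")]
SAMPLE_SAN = [("dNSName", "gw1.example.com"),
              ("iPAddress", "192.0.2.1"),
              ("rfc822Name", "admin@example.com")]


def _norm_rdns(rdns):
    """Simplified DN normalisation (an assumption for this example): attribute
    types compared case-insensitively, values case-folded and trimmed. Real
    X.500 matching rules are more involved."""
    return [(t.lower(), v.strip().casefold()) for t, v in rdns]


def domain_from_dc(subject_rdns):
    """Rebuild the DNS name carried by dc= components (RFC 2247 convention).
    Returns None when the Subject has no dc= attributes."""
    labels = [v for t, v in subject_rdns if t.lower() == "dc"]
    if not labels:
        return None
    return ".".join(reversed(labels)).lower()


def ike_id_matches_cert(id_type, id_value, subject_rdns, san,
                        allow_legacy_subject_email=False):
    """Return True only if the asserted IKE identity is bound to the certificate."""
    if id_type == "ID_FQDN":
        want = id_value.lower().rstrip(".")
        names = {v.lower().rstrip(".") for t, v in san if t == "dNSName"}
        dc_name = domain_from_dc(subject_rdns)
        if dc_name:
            names.add(dc_name)
        return want in names

    if id_type == "ID_RFC822_ADDR":
        # Whole address case-folded for simplicity (local parts are strictly
        # case-sensitive; relaxing that is a deliberate simplification here).
        want = id_value.casefold()
        names = {v.casefold() for t, v in san if t == "rfc822Name"}
        if allow_legacy_subject_email:
            names |= {v.casefold() for t, v in subject_rdns
                      if t.lower() == "emailaddress"}
        return want in names

    if id_type in ("ID_IPV4_ADDR", "ID_IPV6_ADDR"):
        try:
            want = ipaddress.ip_address(id_value)
        except ValueError:
            return False
        return any(t == "iPAddress" and ipaddress.ip_address(v) == want
                   for t, v in san)

    if id_type == "ID_DER_ASN1_DN":
        # id_value is the peer's DN as an RDN sequence in the same order.
        return _norm_rdns(id_value) == _norm_rdns(subject_rdns)

    # Unknown identity types are rejected rather than silently accepted.
    return False


if __name__ == "__main__":
    for id_type, value in [("ID_FQDN", "GW1.example.com"),
                           ("ID_IPV4_ADDR", "192.0.2.1"),
                           ("ID_RFC822_ADDR", "ops@example.com")]:
        ok = ike_id_matches_cert(id_type, value, SAMPLE_SUBJECT, SAMPLE_SAN)
        print(f"{id_type:16} {value:20} -> {'bound' if ok else 'REJECT'}")
```

Run as a script it reports the FQDN and IP identities as bound through subjectAltName and rejects `ops@example.com`, which appears only in the Subject's emailAddress attribute; passing `allow_legacy_subject_email=True` accepts it, making the non-standard fallback an explicit policy decision rather than silent behaviour.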