[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: support for v1 certificates?

To: "Housley, Russ" <rhousley@rsasecurity.com>
Subject: Re: support for v1 certificates?
From: Brian Korver <briank@xythos.com>
Date: Fri, 15 Nov 2002 14:22:52 -0800
Cc: ipsec@lists.tislabs.com
In-Reply-To: <5.1.0.14.2.20021115154953.0556d310@exna07.securitydynamics.com>
Sender: owner-ipsec@lists.tislabs.com

On Friday, November 15, 2002, at 12:51 PM, Housley, Russ wrote:
> NO!
>
> I am suggesting that a discussion of trust anchors is needed.  The use 
> of v1 certs to install a trust anchor is reasonable.
>
> If the cert is transmitted in IKE, then it ought to be a v3 cert.

Ah, then we're in 100% agreement.

On that note, I left out using "raw" keys to install
trust anchors because I thought the practice was too
antiquated.  Does anyone know of any IPsec implementations
actually support importing public key blobs for this
purpose?

-brian
briank@xythos.com

References:
- Re: support for v1 certificates?
  - From: "Housley, Russ" <rhousley@rsasecurity.com>

Prev by Date: Re: support for v1 certificates?
Next by Date: Re: Adding revised identities to IKEv2
Prev by thread: Re: support for v1 certificates?
Next by thread: Generating Keying Material
Index(es):
- Date
- Thread