[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: support for v1 certificates?
On Friday, November 15, 2002, at 12:51 PM, Housley, Russ wrote:
> NO!
>
> I am suggesting that a discussion of trust anchors is needed. The use
> of v1 certs to install a trust anchor is reasonable.
>
> If the cert is transmitted in IKE, then it ought to be a v3 cert.
Ah, then we're in 100% agreement.
On that note, I left out using "raw" keys to install
trust anchors because I thought the practice was too
antiquated. Does anyone know of any IPsec implementations
actually support importing public key blobs for this
purpose?
-brian
briank@xythos.com