
Re: Can the initiator send a type of ID randomly?



On 11/27/02 2:35 AM, "king wu" <wmyking49@yahoo.com.cn> wrote:
> hi, all
> 
> In the scenario with public signature keys in IKE, how
> does the initiator choose a type of ID? As we know,
> the ID includes FQDN, RFC822_ADDR, DER_ASN1_DN, etc.
> Then, can the initiator send a type of ID randomly?
> Or, are there some rules for doing it? I can't find
> the rules through the documents on IKE.
> Please help.
> thanks.
> 
> --King Wu


The ID type should either be an IP address or
some piece of information that appears in the
certificate.  How to choose which piece of
information is a local (policy) matter, but
often is closely associated with particular
authorization schemes (such as ACLs).  See
draft-ietf-ipsec-pki-profile-01.txt for more
discussion of this issue.

- brian
briank@briank.com
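
The rule in the reply above, written as a responder-side check; this is an added example and not part of the original post. The `cert` dictionary layout, the function names, and the policy of accepting an IPv4 ID equal to the packet source address are assumptions made for illustration; the ID type numbers are those of the IPsec DOI (RFC 2407).

```python
import ipaddress
import struct

# ID type values from the IPsec DOI (RFC 2407, section 4.6.2.1).
ID_IPV4_ADDR, ID_FQDN, ID_USER_FQDN, ID_DER_ASN1_DN = 1, 2, 3, 9

def parse_id_payload(body: bytes):
    """Split an ID payload body: type(1) | protocol ID(1) | port(2) | data."""
    if len(body) < 5:
        raise ValueError("ID payload body too short")
    id_type, _proto, _port = struct.unpack("!BBH", body[:4])
    return id_type, body[4:]

def id_bound_to_cert(body: bytes, cert: dict, peer_ip: str) -> bool:
    """Accept the ID only if it is the peer's address or appears in its cert.

    `cert` is a hypothetical summary of an already path-validated certificate.
    Unknown ID types are rejected (fail closed).
    """
    id_type, data = parse_id_payload(body)
    if id_type == ID_IPV4_ADDR:
        if len(data) != 4:
            return False
        addr = ipaddress.IPv4Address(data)
        return addr == ipaddress.ip_address(peer_ip) or str(addr) in cert["ip"]
    if id_type == ID_FQDN:
        name = data.decode("ascii", "replace").lower()
        return name in (n.lower() for n in cert["dns"])
    if id_type == ID_USER_FQDN:
        return data.decode("ascii", "replace") in cert["email"]
    if id_type == ID_DER_ASN1_DN:
        return data == cert["subject_der"]  # binary compare of the DER Name
    return False

# Constructed sample certificate summary (not taken from the thread).
SAMPLE_CERT = {
    "subject_der": bytes.fromhex("300e310c300a06035504030c03677731"),  # CN=gw1
    "dns": ["gw1.example.net"],
    "email": ["admin@example.net"],
    "ip": ["192.0.2.10"],
}

if __name__ == "__main__":
    fqdn_id = bytes([ID_FQDN, 0, 0, 0]) + b"GW1.example.net"
    print(id_bound_to_cert(fqdn_id, SAMPLE_CERT, "198.51.100.7"))
```
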