[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Adding revised identities to IKEv2

To: ipsec@lists.tislabs.com
Subject: Re: Adding revised identities to IKEv2
From: Michael Richardson <mcr@sandelman.ottawa.on.ca>
Date: Fri, 27 Dec 2002 17:51:51 -0500
In-reply-to: Your message of "Tue, 12 Nov 2002 22:22:41 +0200." <15825.25361.887103.61323@ryijy.hel.fi.ssh.com>
Sender: owner-ipsec@lists.tislabs.com

-----BEGIN PGP SIGNED MESSAGE-----


>>>>> "Tero" == Tero Kivinen <kivinen@ssh.fi> writes:
    Tero> One thing missing that was in the IKEv1 is the transfering of the
    Tero> CRLs, but when considering the size of them it is better to leave them
    Tero> out. 

  Doesn't RFC2585 cover this?
  I.e. if you can find the certificate via HTTP, can't you also find the CRL
at the same place, if there is one?

]       ON HUMILITY: to err is human. To moo, bovine.           |  firewalls  [
]   Michael Richardson, Sandelman Software Works, Ottawa, ON    |net architect[
] mcr@sandelman.ottawa.on.ca http://www.sandelman.ottawa.on.ca/ |device driver[
] panic("Just another Debian GNU/Linux using, kernel hacking, security guy"); [

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)
Comment: Finger me for keys

iQCVAwUBPgzZhoqHRg3pndX9AQHv6wP/djqveU4B7ec8wrC20oicE5WqpS0M+QQe
+GGU8sT9nhzklSiWZqpQeYM80DkVSl3xo2NOl7+fsmUNUCkVwSJGMQWlKI6j7obm
Ifws0NYZ50/koE8WN4IaFVjhhcfg/gEP5v6owCmAzBL4K1nBwcEEZcbKr3cJyktB
kgCCA+klxSw=
=4XEG
-----END PGP SIGNATURE-----

Prev by Date: Re: Adding revised identities to IKEv2
Next by Date: Re: Authentication methods in IKEv2
Prev by thread: Re: Adding revised identities to IKEv2
Next by thread: Re: Adding revised identities to IKEv2
Index(es):
- Date
- Thread