Re: IKEV2: Issue #4 Revised Identity



Paul Hoffman / VPNC <paul.hoffman@vpnc.org> writes:

> At 9:11 PM -0500 2/11/03, Greg Carter wrote:
> >Just so I am clear, with your Revised ID proposal the only way to achieve
> >certificate caching is if the IKE implementation supports retrieval of
> >certificates via http URLs?
> 
> Nope, nothing in the document says that. You can cache any certs you
> know about from any means, such as from people who sent them to you in
> IKE.

Right, but how do you arrange to communicate what you've cached to the
peer so that they send you the right certificate if your cache is
invalid for some reason (assuming that you can't retrieve the
right one with HTTP)?

-Ekr