[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: IKEV2: Issue #4 Revised Identity

To: ipsec@lists.tislabs.com
Subject: Re: IKEV2: Issue #4 Revised Identity
From: Russ Housley <housley@vigilsec.com>
Date: Mon, 17 Feb 2003 14:46:31 -0500
In-Reply-To: <200302122314.h1CNEVwj028118@thunk.east.sun.com>
References: <Your message of "Wed, 12 Feb 2003 16:01:18 EST." <200302122101.h1CL1JNM003124@marajade.sandelman.ottawa.on.ca>
Sender: owner-ipsec@lists.tislabs.com


> >   and that's where you find the crl. I don't know. I punt to pkix to decide
> > what the "URL" means. I think that there are documents now that tell me
> > how to get stuff via HTTP, right?
>
>Yes, and there's also apparently some way to embed URLs pointing to
>(multiple) CRL distribution points into certificates.

See RFC 3280, section 4.2.1.14, on  CRL Distribution Points.

    The CRL distribution points extension identifies how CRL information
    is obtained.  The extension SHOULD be non-critical, but this profile
    RECOMMENDS support for this extension by CAs and applications.

Russ

References:
- Re: IKEV2: Issue #4 Revised Identity
  - From: Michael Richardson <mcr@sandelman.ottawa.on.ca>
- Re: IKEV2: Issue #4 Revised Identity
  - From: Bill Sommerfeld <sommerfeld@east.sun.com>

Prev by Date: RE: IKE-hybrid mode authentication
Next by Date: Re: [Fwd: Re: ike2-v4: request or response] == major issue
Prev by thread: Re: IKEV2: Issue #4 Revised Identity
Next by thread: Re: IKEV2: Issue #4 Revised Identity
Index(es):
- Date
- Thread