[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: The CR payload still
At 11:07 AM -0800 3/5/03, Brian Korver wrote:
>Except for the case of opportunistic IPsec, I don't see the point
>of telling your peer "I don't care".
There are other meanings than "I don't care". We need to be able to
say "send me a cert of type other than 4", namely types 11, 12, and
13. Currently, we can't specify that.
> Therefore, I agree that an empty
>CERTREQ should be prohibited in IKEv2, especially because it creates an
>interoperability rat hole.
It won't do that if we scope it correctly.
--Paul Hoffman, Director
--VPN Consortium