
Re: The CR payload still



At 2:39 PM -0800 3/5/03, Brian Korver wrote:
>On 3/5/03 1:31 PM, "Paul Hoffman / VPNC" <paul.hoffman@vpnc.org> wrote:
>>  There are other meanings than "I don't care". We need to be able to
>>  say "send me a cert of type other than 4", namely types 11, 12, and
>>  13. Currently, we can't specify that.
>>
>>  It won't do that if we scope it correctly.
>>
>>  --Paul Hoffman, Director
>>  --VPN Consortium
>
>Paul,
>
>An empty CERTREQ still contains a cert type field.  The issue
>being discussed is the semantics of a missing CA field (in
>other words the CA's DN), not a missing cert type.

The document says:

    While intended to allow for future expansion, the only form of
    certificate request currently defined is X.509 signing certificate
    (4).

That's a pretty clear statement that other types are not covered by 
the CERTREQ.

--Paul Hoffman, Director
--VPN Consortium
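
The distinction drawn in the quoted reply (the cert type octet is always present, only the CA field can be empty) is shown below as an added example; it is not code from the thread or from the document under discussion. It assumes the ISAKMP (RFC 2408) Certificate Request layout: a 4-octet generic header, one cert type octet, then a variable-length CA field. The names `parse_certreq`, `build_certreq`, `describe` and the sample DN are hypothetical.

```python
import struct
from typing import NamedTuple

X509_SIGNATURE = 4  # "X.509 signing certificate (4)" in the text quoted above
HEADER_LEN = 4      # next payload (1), reserved (1), payload length (2)

class CertReq(NamedTuple):
    next_payload: int
    cert_type: int
    ca: bytes       # raw CA field; b"" when the sender named no CA

def parse_certreq(buf: bytes) -> CertReq:
    """Parse one Certificate Request payload, generic header included."""
    if len(buf) < HEADER_LEN + 1:
        raise ValueError("truncated: no room for the cert type octet")
    next_payload, _reserved, length = struct.unpack_from("!BBH", buf, 0)
    if length < HEADER_LEN + 1 or length > len(buf):
        raise ValueError(f"payload length {length} inconsistent with buffer")
    # The cert type octet is mandatory; only the CA field may be zero-length.
    return CertReq(next_payload, buf[HEADER_LEN], buf[HEADER_LEN + 1:length])

def build_certreq(cert_type: int, ca: bytes = b"", next_payload: int = 0) -> bytes:
    """Encode a payload; the length field covers header, type and CA."""
    return struct.pack("!BBHB", next_payload, 0,
                       HEADER_LEN + 1 + len(ca), cert_type) + ca

def describe(req: CertReq) -> str:
    # The parser only reports an empty CA field; what an empty field
    # means is the question under discussion in the thread.
    ca = f"CA field of {len(req.ca)} octets" if req.ca else "empty CA field"
    return f"cert type {req.cert_type}, {ca}"

# Constructed sample: DER Name with a single CN=Example CA attribute.
SAMPLE_DN = bytes.fromhex("30153113301106035504030c0a") + b"Example CA"
EMPTY = build_certreq(X509_SIGNATURE)
NAMED = build_certreq(X509_SIGNATURE, SAMPLE_DN)

if __name__ == "__main__":
    for raw in (EMPTY, NAMED):
        print(raw.hex(), "->", describe(parse_certreq(raw)))
```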