Re: me tarzan- me jane suggested text change
In my view, making the ID check a local matter might result in
deployment interoperability problems. I don't see any problem
in making sure that both the ID in the payload and the ID in the
certificate match the ID configured in the IKE policies.
That is, all three have to be the same. Does anybody see a problem
in comparing the IDs, ensuring that they are the same, and making
this mandatory?
Thanks for your time
jpickering@creeksidenet.com wrote:
>Per the SF discussion surrounding whether the ID payload must match the ID
>in a presented cert, I would like to add my vote for increased clarity. To do so,
>I believe the following text represents the spirit of the WG:
>
>In section 2.15, to the sentence that states:
>
>"Optionally, messages 3 and 4 MAY include a certificate, or certificate chain providing evidence
>that the key used to compute a digital signature belongs to the name in the ID payload."
>
>Add the following:
>
>"The exact requirement for mapping the name in the ID payload to an acceptable key is a local matter
>and outside the scope of this document".
>
>Jeff
--
The views presented in this mail are completely mine. The company is not responsible for whatsoever.
----------
Ravi Kumar CH
Rendezvous On Chip (i) Pvt Ltd
Hyderabad, India
Ph: +91-40-2335 1214 / 1175 / 1184
ROC home page
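
The three-way comparison proposed in this message (configured policy ID, ID payload and certificate ID all equal), as an added example that is not part of the original mail or of any IKE implementation. It assumes the certificate chain has already been validated and its subjectAltName entries extracted into a dict; the function names, the ID-type-to-SAN mapping and the sample values are constructed for illustration.

```python
import ipaddress

# IKEv2 ID payload type numbers (RFC 7296, section 3.5)
ID_IPV4_ADDR, ID_FQDN, ID_RFC822_ADDR, ID_IPV6_ADDR = 1, 2, 3, 5

# Assumption: which subjectAltName field may vouch for each ID type
SAN_FIELD = {ID_IPV4_ADDR: "ip", ID_IPV6_ADDR: "ip",
             ID_FQDN: "dns", ID_RFC822_ADDR: "email"}


def canon(id_type, value):
    """Normalise an identity so that equivalent spellings compare equal."""
    if id_type in (ID_IPV4_ADDR, ID_IPV6_ADDR):
        return str(ipaddress.ip_address(value))   # ValueError if malformed
    if id_type == ID_FQDN:
        return value.rstrip(".").lower()
    if id_type == ID_RFC822_ADDR:
        local, _, domain = value.rpartition("@")
        return f"{local}@{domain.lower()}"
    raise ValueError(f"unsupported ID type {id_type}")


def check_peer_id(policy_id, payload_id, cert_sans):
    """Strict check: policy ID == ID payload == a name in the certificate.

    policy_id / payload_id are (type, value) tuples; cert_sans is a dict of
    subjectAltName lists taken from an already validated certificate.
    Returns (ok, reason).
    """
    try:
        want = (policy_id[0], canon(*policy_id))
        got = (payload_id[0], canon(*payload_id))
    except ValueError as exc:
        return False, f"malformed ID: {exc}"
    if got != want:
        return False, "ID payload does not match policy ID"
    cert_names = set()
    for name in cert_sans.get(SAN_FIELD[got[0]], []):
        try:
            cert_names.add(canon(got[0], name))
        except ValueError:
            continue                              # skip unparsable SAN entry
    if got[1] not in cert_names:
        return False, "certificate does not carry the ID payload name"
    return True, "policy, payload and certificate IDs agree"


# Constructed sample data
POLICY = (ID_FQDN, "gw1.example.net")
CERT = {"dns": ["GW1.example.net"], "email": ["admin@example.net"]}
```

Comparing canonical forms rather than raw strings keeps two implementations from disagreeing over case or a trailing dot, which is the interoperability concern raised above.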