
RE: Confirm decision on identity handling.



Hi Scott,

Sure it could, with prior agreement of the ID
to send.  This sort of prior agreement does
happen, at least sometimes, and may then be useful.

Regards,

Jim

> -----Original Message-----
> From: Scott G. Kelly [mailto:scott@airespace.com]
> Sent: Wednesday, April 23, 2003 3:35 PM
> To: Paul Hoffman / VPNC
> Cc: Jim Knowles; ipsec@lists.tislabs.com
> Subject: Re: Confirm decision on identity handling.
> 
> 
> Paul Hoffman / VPNC wrote:
> > 
> > At 11:47 AM -0700 4/23/03, jknowles@SonicWALL.com wrote:
> > >I think the purpose of the ID payload when using
> > >certs is (was) to specify which of several possible IDs
> > >contained in the cert should be used for policy
> > >lookup.
> > 
> > There is nothing in the IKEv2 spec that says this, and there is
> > nothing in RFC 2409 that says this. Hence, the desire for more
> > specificity in IKEv2.
> > 
> 
> And since the decision as to which ID will be used for this purpose is
> left to the receiver, it is not clear that the ID payload could ever be
> reliably used this way...
> 
> Scott
>