[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Ipsec] certificate encoding type in IKEv2

Hi all,

In draft-ietf-ipsec-ikev2-14.txt, section 3.6 following certificate encoding types are defined:

           PKCS #7 wrapped X.509 certificate    1
           PGP Certificate                      2
           DNS Signed Key                       3
           X.509 Certificate - Signature        4
           Kerberos Token                       6
           Certificate Revocation List (CRL)    7
           Authority Revocation List (ARL)      8
           SPKI Certificate                     9
           X.509 Certificate - Attribute       10
           Raw RSA Key                         11
           Hash and URL of X.509 certificate   12
           Hash and URL of X.509 bundle        13

I would like to what is MUST in above defined types.
In IKEv2, it is X.509 certificate-signature.

I would also like to know what is cert bundle which is defined in page 58.
Is it related to certificate chain??

How can we use certificate chains in IKEv2??

Many thanks in advance,
Jyothi
 
_______________________________________________
Ipsec mailing list
Ipsec@ietf.org
https://www1.ietf.org/mailman/listinfo/ipsec