
RE: [Ipsec] certificate encoding type in IKEv2




Hi,

The typical purpose would be to provide a chain from the 
recipient's trust anchor (root CA) to the end entity 
certificate (corresponding to the key that was used to 
generate the AUTH payload).

So in this case, the other certificates would be 
intermediate CA certificates. Other, less common,
purposes could include e.g. using X.509 attribute
certificates to provide some kind of authorization
information.

Best regards,
Pasi

> -----Original Message-----
> From: ipsec-bounces@ietf.org On Behalf Of suram@intotoinc.com
> Sent: Friday, July 09, 2004 5:48 AM
> To: Eronen Pasi; vjyothi@intoto.com; ipsec@ietf.org
> Subject: RE: [Ipsec] certificate encoding type in IKEv2
> 
> Hi
> I agree with you.  I have some doubts regarding the use of 
> multiple certificate payloads.  On one hand, it is clear that 
> the first certificate must correspond to the key used to sign 
> the Auth payload.
> 
> In this case, what would be the purpose of the other 
> certificates?  Is there any scenario where multiple certificates 
> are used to verify the authentication?
> 
> Regards
> Suram

_______________________________________________
Ipsec mailing list
Ipsec@ietf.org
https://www1.ietf.org/mailman/listinfo/ipsec
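
The chain described in the reply above, as an added example that is not part of the original thread: a receiver takes the first certificate as the end entity certificate, treats the remaining ones as an unordered pool of intermediate CA certificates, and walks issuer links until it reaches a locally configured trust anchor. The `Cert` record, the `build_path` function and all names are constructed for illustration; matching is by name only, and a real implementation must also verify each signature, validity period and revocation status.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Cert:
    """Hypothetical, simplified stand-in for a parsed X.509 certificate."""
    subject: str
    issuer: str


def build_path(cert_payloads, trust_anchors):
    """Return [end entity, intermediates..., anchor], or None if no path exists.

    cert_payloads: certificates in the order received; index 0 is the end
    entity certificate, the others are treated as arriving in any order.
    trust_anchors: locally configured root CAs, never taken from the peer.
    """
    if not cert_payloads:
        return None
    anchors = {a.subject: a for a in trust_anchors}
    # Peer-supplied intermediates, indexed by subject name.
    pool = {c.subject: c for c in cert_payloads[1:]}
    path = [cert_payloads[0]]
    seen = {cert_payloads[0].subject}
    while True:
        issuer = path[-1].issuer
        if issuer in anchors:
            # Reached a root the receiver already trusts: path is complete.
            return path + [anchors[issuer]]
        nxt = pool.get(issuer)
        if nxt is None or nxt.subject in seen:
            # Missing intermediate, or a loop / peer-supplied self-signed root.
            return None
        seen.add(nxt.subject)
        path.append(nxt)


# Constructed sample certificates (names only).
ROOT = Cert("CN=Example Root CA", "CN=Example Root CA")
POLICY = Cert("CN=Example Policy CA", "CN=Example Root CA")
ISSUING = Cert("CN=Example Issuing CA", "CN=Example Policy CA")
EE = Cert("CN=gw.example.net", "CN=Example Issuing CA")
ROGUE_ROOT = Cert("CN=Rogue Root", "CN=Rogue Root")
ROGUE_EE = Cert("CN=gw.example.net", "CN=Rogue Root")
```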