RE: [Ipsec] certificate encoding type in IKEv2
Hi,
The typical purpose would be to provide a chain from the
recipient's trust anchor (root CA) to the end entity
certificate (corresponding to the key that was used to
generate the AUTH payload).
So in this case, the other certificates would be
intermediate CA certificates. Other, less common,
purposes could include e.g. using X.509 attribute
certificates to provide some kind of authorization
information.
Best regards,
Pasi
> -----Original Message-----
> From: ipsec-bounces@ietf.org On Behalf Of suram@intotoinc.com
> Sent: Friday, July 09, 2004 5:48 AM
> To: Eronen Pasi; vjyothi@intoto.com; ipsec@ietf.org
> Subject: RE: [Ipsec] certificate encoding type in IKEv2
>
> Hi
> I agree with you. I have some doubts regarding the use of
> multiple certificate payloads. On one hand, it is clear that
> the first certificate must correspond to the key used to sign
> the Auth payload.
>
> In this case, what would be the purpose of the other
> certificates? Is there any scenario where multiple certificates
> are used to verify the authentication?
>
> Regards
> Suram
_______________________________________________
Ipsec mailing list
Ipsec@ietf.org
https://www1.ietf.org/mailman/listinfo/ipsec
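
The chain described in the reply above, as an added example that is not part of the original thread: a recipient takes the first certificate as the end entity and links the remaining certificates, in whatever order they arrived, up to a locally configured trust anchor. The `Cert` record, the names and the sample data are constructed. Only issuer/subject name chaining is shown, and treating the remaining certificates as unordered is an assumption; a real implementation would also verify each signature, validity period and CA constraint.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Cert:              # constructed stand-in for a parsed X.509 certificate
    subject: str
    issuer: str
    is_ca: bool = False

def build_chain(cert_payloads, trust_anchors):
    """Return [end entity, intermediates..., trust anchor] or raise ValueError.

    cert_payloads: certificates in received order; the first is the end entity,
                   the rest are searched as an unordered pool (assumption).
    trust_anchors: {subject: Cert} configured locally by the recipient.
    """
    if not cert_payloads:
        raise ValueError("no CERT payloads received")
    current, pool = cert_payloads[0], list(cert_payloads[1:])
    path = [current]
    while True:
        # Trust comes only from the local anchor store, never from the peer.
        anchor = trust_anchors.get(current.issuer)
        if anchor is not None:
            return path + [anchor]
        issuer = next((c for c in pool
                       if c.subject == current.issuer and c.is_ca), None)
        if issuer is None:
            raise ValueError(f"no issuer certificate for {current.subject!r}")
        pool.remove(issuer)          # each certificate is used once, so loops end
        path.append(issuer)
        current = issuer

# Constructed sample data: names are illustrative only.
ANCHORS = {"Root CA": Cert("Root CA", "Root CA", True)}
EE = Cert("vpn-gw.example", "Issuing CA")
SUB = Cert("Issuing CA", "Policy CA", True)
POLICY = Cert("Policy CA", "Root CA", True)

def demo():
    # Intermediates arrive out of order after the end entity certificate.
    return [c.subject for c in build_chain([EE, POLICY, SUB], ANCHORS)]

if __name__ == "__main__":
    print(" <- ".join(demo()))
```

A self-signed root sent by the peer is rejected here because it never matches an entry in the local anchor store.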