[Ipsec] OCSP in IKEv2
All,
Please consider and comment on the following.
Michael Myers
-----Original Message-----
From: i-d-announce-bounces@ietf.org
Sent: Monday, July 12, 2004 12:36 PM
A New Internet-Draft is available from the on-line
Internet-Drafts directories.
Title : OCSP Extensions to IKEv2
Author(s) : M. Myers, H. Tschofenig
Filename : draft-myers-ipsec-ikev2-oscp-00.txt
Pages : 8
Date : 2004-7-12
While IKEv2 supports public key based authentication (PKI), the
corresponding use of in-band CRLs is problematic due to unbounded CRL
size. The size of an OCSP response is however well-bounded and small.
This document defines two extensions to IKEv2 which enable the use of
OCSP for in-band signaling of certificate revocation status. Two new
content encodings are defined for use in the CERTREQ and CERT payloads:
OCSP Responder Hash and OCSP Response. An OCSP Responder Hash CERTREQ
payload triggers transmission of an OCSP Response CERT payload.
A URL for this Internet-Draft is:
http://www.ietf.org/internet-drafts/draft-myers-ipsec-ikev2-oscp-00.txt
_______________________________________________
Ipsec mailing list
Ipsec@ietf.org
https://www1.ietf.org/mailman/listinfo/ipsec