Re: Work around using SPKI certificates instead of X509

[Michael Richardson <mcr@sandelman.ottawa.on.ca>]

-----BEGIN PGP SIGNED MESSAGE-----


>>>>> "SALLE" == SALLE Mathias <matsal@hplb.hpl.hp.com> writes:
    SALLE> REFERENCE: ipsec drafts, SPKI drafts PROBLEM: Is it
    SALLE> possible to use ISAKMP/Oakley to establish an SA and at the
    SALLE> same time exchange users SPKI certificates, this in a
    SALLE> context of a Host to Host mode.

    SALLE> QUESTION: Is there any work around using SPKI certificates
    SALLE> instead of X509 certificates in ISAKMP?

    SALLE>  If no, would it be possible to use Certificate Request
    SALLE> Payload and Certificate Payload to exchange SPKI
    SALLE> certificates? Is there any drafts on that?

  There is a certificate type in ISAKMP for SPKI. The format of it has
not been defined. I would suggest that one could either put multiple
SPKI certs (in binary form), just pasted together, or better, a
(sequence ...) of them.

  See isakmp-10, page 34.

  A draft defining a SPKI certificate tag for IPsec SA's would be a
wonderful thing.

]     Internet Security. Have encryption, will travel           |1 Fish/2 Fish[
]   Michael Richardson, Sandelman Software Works, Ottawa, ON    |Red F./Blow F[
] mcr@sandelman.ottawa.on.ca http://www.sandelman.ottawa.on.ca/ |strong crypto[
] panic("Just another NetBSD/notebook using, kernel hacking, security guy");  [



-----BEGIN PGP SIGNATURE-----
Version: 2.6.3ia
Charset: latin1
Comment: Processed by Mailcrypt 3.4, an Emacs/PGP interface

iQBVAwUBNlYI5B4XQavxnHg9AQFjGAH/U9TqPbOfjpI8X8GTO/fbqe8mBfoihf6/
O2rgrDzlEQGw9GxmBat7hI5AvfSRG01s5Sik1rPGdHlKPi+dQToSFQ==
=Pxxs
-----END PGP SIGNATURE-----

---

• Prev by Date: ABNF in draft-ietf-spki-cert-structure-05.txt
• Next by Date: Re: ABNF in draft-ietf-spki-cert-structure-05.txt
• Prev by thread: Re: ABNF in draft-ietf-spki-cert-structure-05.txt
• Next by thread: I-D ACTION:draft-ietf-spki-cert-theory-04.txt
• Index(es):
  • Main
  • Thread