ipsec October 2009 archive
Main Archive Page > Month Archives  > ipsec archives
ipsec: [IPsec] #120: CA indication with cert req - allowed types

[IPsec] #120: CA indication with cert req - allowed types

From: Yaron Sheffer <yaronf_at_nospam>
Date: Thu Oct 29 2009 - 23:14:56 GMT
To: IPsecme WG <ipsec@ietf.org>

Sec. 3.7 has:

The contents of the "Certification Authority" field are defined only for X.509 certificates, which are types 4, 10, 12, and 13. Other values SHOULD NOT be used until standards-track specifications that specify their use are published.

This excludes certificate requests of type 7, i.e. for CRLs. For requesting a specific CRL type 7 would make sense, in particular in chain situations. Should we add it to the list of allowed types here?

OTOH, this allows type 10, which is unspecified and should be removed.

IPsec mailing list