ipsec October 2009 archive
Main Archive Page > Month Archives  > ipsec archives
ipsec: [IPsec] #117: Hash and URL interop

[IPsec] #117: Hash and URL interop

From: Tero Kivinen <kivinen_at_nospam>
Date: Fri Oct 30 2009 - 13:55:21 GMT
To: Yaron Sheffer <yaronf@checkpoint.com>


Yaron Sheffer writes:
> To improve interoperability, allow only the "http" URL method. The
> current text (end of sec. 3.6) implies that any method is allowed,
> although HTTP MUST be supported.

If that means adding MUST NOT for other URL methods, I do not think we want to do it. We alrady have one mandatory to implement URL method (http) and that should be enough to provide interoperability. If someone wants to create implementation which uses some other format in addition to http method for their own use, I do not see any reason why they should be forbidded to do so.

Note, that HASH and URL formats are not limited to exactly one URL format for each hash. Implementation would are allowed to send multiple cert payloads, each having same HASH but different URLs having different methods. If implementation does not support certain URL method it just ignores the cert payload, and as multiple methods point to same certificate each of them have same hash, thus it does not matter which one of them the implementation uses to fetch the certificate. -- kivinen@iki.fi _______________________________________________ IPsec mailing list IPsec@ietf.org https://www.ietf.org/mailman/listinfo/ipsec