Re: [IPsec] #119: Which certificate types can be mixed in one exchange?

From: David Wierbowski <wierbows_at_nospam>
Date: Fri Oct 30 2009 - 22:24:18 GMT
To: IPsecme WG <ipsec@ietf.org>

> Should be added to Sec. 3.6, probably as a new subsection.

> One Hash & URL (H&U) bundle only. Or...

> One Raw RSA key, or...

> One or more cert payloads of either type 4 or H&U (type 12)

I think there are cases where it makes sense to send any combination of types 7, 12, and 13. I do not think we should restrict which of those certificate types can be mixed in one exchange.

> Can have one or more CRLs and/or OCSP content (RFC 4806) added to any of the above, except for Raw RSA.

I thought sending CRLs inline was strongly discouraged, but I agree that if an implementation sends them, it would be logical to include one or more CRLs.

Are we planning on updating the list of certificate encoding types to include type 14 (OCSP content)? If yes, then I do not see that in the current bis draft.

Dave Wierbowski

z/OS Comm Server Developer


    Tie line: 620-4055
    External: 607-429-4055
