Re: [IPsec] #119: Which certificate types can be mixed in one exchange?

From: David Wierbowski <wierbows_at_nospam>
Date: Fri Oct 30 2009 - 22:24:18 GMT
To: IPsecme WG <ipsec@ietf.org>

> Should be added to Sec. 3.6, probably as a new subsection.

> One Hash & URL (H&U) bundle only. Or...

> One Raw RSA key, or...

> One or more cert payloads of either type 4 or H&U (type 12)

I think there are cases where it makes sense to send any combination of types 7, 12, and 13. I do not think we should restrict which of those certificate types can be mixed in one exchange.

>Can have one or more CRLs and/or OCSP content (RFC 4806) added to any of
the above, except for Raw RSA.
I thought sending CRLs inline.was strongly discouraged, but I agree that if an implementation sends them that it would be logical to include one or more CRLs.

Are we planning on updating the list of certificate encoding types to include type 14 (OSCP content)? If yes then I do not see that in the current bis draft.

Dave Wierbowski

z/OS Comm Server Developer

Phone:

Tie line: 620-4055
External: 607-429-4055

IPsec mailing list
IPsec@ietf.org
https://www.ietf.org/mailman/listinfo/ipsec

This message: [ Message body ]
Next message: David Wierbowski: "Re: [IPsec] #120: CA indication with cert req - allowed types"
Previous message: David Wierbowski: "Re: [IPsec] #120: CA indication with cert req - allowed types"
In reply to: Yaron Sheffer: "[IPsec] #119: Which certificate types can be mixed in one exchange?"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ]