[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: IKEV2: Issue #4 Revised Identity

To: ipsec@xxxxxxxxxxxxxxxxx
Subject: Re: IKEV2: Issue #4 Revised Identity
From: Russ Housley <housley@xxxxxxxxxxxx>
Date: Mon, 17 Feb 2003 14:46:31 -0500
In-reply-to: <>
References: <Your message of "Wed, 12 Feb 2003 16:01:18 EST." <>
Sender: owner-ipsec@xxxxxxxxxxxxxxxxx

>   and that's where you find the crl. I don't know. I punt to pkix to decide
> what the "URL" means. I think that there are documents now that tell me
> how to get stuff via HTTP, right?

Yes, and there's also apparently some way to embed URLs pointing to
(multiple) CRL distribution points into certificates.

See RFC 3280, section 4.2.1.14, on CRL Distribution Points.

   The CRL distribution points extension identifies how CRL information
   is obtained.  The extension SHOULD be non-critical, but this profile
   RECOMMENDS support for this extension by CAs and applications.

Russ

References:
- Re: IKEV2: Issue #4 Revised Identity
  - From: Michael Richardson
- Re: IKEV2: Issue #4 Revised Identity
  - From: Bill Sommerfeld

Prev by Date: RE: IKE-hybrid mode authentication
Next by Date: Re: [Fwd: Re: ike2-v4: request or response] == major issue
Previous by thread: Re: IKEV2: Issue #4 Revised Identity
Next by thread: Re: IKEV2: Issue #4 Revised Identity
Index(es):
- Date
- Thread