[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: The CR payload still

To: Brian Korver <briank@xxxxxxxxxx>, <Charlie_Kaufman@xxxxxxxxxxxxxxxx>
Subject: Re: The CR payload still
From: Paul Hoffman / VPNC <paul.hoffman@xxxxxxxx>
Date: Wed, 5 Mar 2003 13:31:48 -0800
Cc: <ipsec@xxxxxxxxxxxxxxxxx>
In-reply-to: <>
References: <>
Sender: owner-ipsec@xxxxxxxxxxxxxxxxx

At 11:07 AM -0800 3/5/03, Brian Korver wrote:

Except for the case of opportunistic IPsec, I don't see the point
of telling your peer "I don't care".

There are other meanings than "I don't care". We need to be able to say "send me a cert of type other than 4", namely types 11, 12, and 13. Currently, we can't specify that.

  Therefore, I agree that an empty
CERTREQ should be prohibited in IKEv2, especially because it creates an
interoperability rat hole.

It won't do that if we scope it correctly.

--Paul Hoffman, Director
--VPN Consortium

Follow-Ups:
- Re: The CR payload still
  - From: Pekka Riikonen
- Re: The CR payload still
  - From: Valery Smyslov
- Re: The CR payload still
  - From: Brian Korver

References:
- Re: The CR payload still
  - From: Brian Korver

Prev by Date: Re: suites vs. a la carte and IPcomp in IKEv2-05
Next by Date: Re: suites vs. a la carte and IPcomp in IKEv2-05
Previous by thread: Re: The CR payload still
Next by thread: Re: The CR payload still
Index(es):
- Date
- Thread