
ICIM: need a way to filter certs from peers



Howdy,

	In the ICIM I don't see where we could evaluate identities/credentials
from peers. For example, while doing IKE with RSA based authentication,
we will receive a cert from the peer and need to start using that peer's
public key to encrypt stuff that we send to the peer. 
	When we first receive that certificate from the peer, we need a way to
filter it through a list of checks. This would be very much like the
IdentityContexts attribute of the IKERule for choosing which of our
local identity/credential sets we would send out to a peer. But the
filtering needs to be done on the remote peer's id/cert and we should be
able to abort IKE if the id/cert presented did not meet our criteria. 


-- 
  Ricky Charlet   : Redcreek Communications   : usa (510) 795-6903