Re: need a way to filter certs from peers
See CredentialFilterEntry.
----- Original Message -----
From: "Ricky Charlet" <rcharlet@xxxxxxxxxxxx>
To: ".ipsec-policy" <ipsec-policy@xxxxxxxx>
Sent: Wednesday, January 10, 2001 11:05 AM
Subject: ICIM: need a way to filter certs from peers
> Howdy,
>
> In the ICIM I don't see where we could evaluate identities/credentials
> from peers. For example, while doing IKE with RSA based authentication,
> we will receive a cert from the peer and need to start using that peer's
> public key to encrypt stuff that we send to the peer.
> When we first receive that certificate from the peer, we need a way to
> filter it through a list of checks. This would be very much like the
> IdentityContexts attribute of the IKERule for choosing which of our
> local identity/credential sets we would send out to a peer. But the
> filtering needs to be done on the remote peer's id/cert and we should be
> able to abort IKE if the id/cert presented did not meet our criteria.
>
>
> --
> Ricky Charlet : Redcreek Communications : usa (510) 795-6903