At 12:19 AM +0300 5/12/09, Yaron Sheffer wrote:
>In two words, why not? What is the exact new requirement you are referring
>to?

"multiple CERT payloads of type 4 MUST be used". That is a new requirement.

>More generally, this is not some obscure part of the RFC that we're
>discussing. This is possibly the most mainstream usage scenario.

I suspect not. From what I have heard from VPNC members over the years:
   preshared secrets >> certs issued directly from a trust anchor > certs in a hierarchy
(Where EAP fits in this list varies wildly between vendors)

>And we need
>to make every effort possible in order to ensure interoperability.

Fully agree. That's why I think it is important to not create new MUSTs for this, but to expect implementers to be able to handle validation chains in a variety of sensible fashions.

--Paul Hoffman, Director
--VPN Consortium
_______________________________________________
IPsec mailing list
IPsec@ietf.org
https://www.ietf.org/mailman/listinfo/ipsec