There was very limited discussion of this issue, which I see as the main reason why Sec. 3.6 is underspecified. If my proposal below is too restrictive we can expand it somewhat but still keep the number of possible combinations at a level where testing (and interoperability) is possible.
David also asked whether we'd want to fold RFC 4806 (OCSP extensions to IKEv2) into -bis. My personal opinion is No, despite the fact that it is a Proposed Standard.

________________________________
From: ipsec-boun...@ietf.org [mailto:ipsec-boun...@ietf.org] On Behalf Of Yaron Sheffer
Sent: Friday, October 30, 2009 1:18
To: IPsecme WG
Subject: [IPsec] #119: Which certificate types can be mixed in one exchange?

Should be added to Sec. 3.6, probably as a new subsection.

One Hash & URL (H&U) bundle only. Or...
One Raw RSA key, or...
One or more cert payloads of either type 4 or H&U (type 12)

Can have one or more CRLs and/or OCSP content (RFC 4806 <http://tools.ietf.org/html/rfc4806>) added to any of the above, except for Raw RSA.
_______________________________________________
IPsec mailing list
IPsec@ietf.org
https://www.ietf.org/mailman/listinfo/ipsec
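
The combination rule proposed in the thread above, written as a receiver-side check. This is an added example, not code from the thread or from any IKEv2 implementation. The function name `check_cert_payloads` is hypothetical, and two readings are assumptions: type 4 and type 12 payloads may be mixed with each other, and a message carrying only CRL/OCSP payloads is rejected.

```python
from collections import Counter

# IKEv2 Cert Encoding values (RFC 4306 Sec. 3.6; 14 is OCSP Content, RFC 4806).
X509_SIG, CRL, RAW_RSA, HU_CERT, HU_BUNDLE, OCSP = 4, 7, 11, 12, 13, 14
ALLOWED = {X509_SIG, CRL, RAW_RSA, HU_CERT, HU_BUNDLE, OCSP}


def check_cert_payloads(encodings):
    """Check the Cert Encoding values of all CERT payloads in one message.

    Returns (ok, reason). Hypothetical helper for the rule proposed above.
    """
    counts = Counter(encodings)
    unknown = sorted(set(counts) - ALLOWED)
    if unknown:
        return False, f"encoding(s) outside the proposal: {unknown}"
    if not counts:
        return True, "no CERT payloads"  # e.g. shared-secret authentication

    bundles = counts[HU_BUNDLE]
    raw_keys = counts[RAW_RSA]
    certs = counts[X509_SIG] + counts[HU_CERT]  # assumption: 4 and 12 may mix
    revocation = counts[CRL] + counts[OCSP]

    # Exactly one of the three credential alternatives may be present.
    present = sum(1 for n in (bundles, raw_keys, certs) if n)
    if present == 0:
        # Assumption: CRL/OCSP are only additions to a credential.
        return False, "CRL/OCSP without any credential payload"
    if present > 1:
        return False, "mixes bundle, Raw RSA and certificate alternatives"
    if bundles > 1:
        return False, "more than one Hash & URL bundle"
    if raw_keys > 1:
        return False, "more than one Raw RSA key"
    if raw_keys and revocation:
        return False, "CRL/OCSP not allowed with Raw RSA"
    return True, "ok"


if __name__ == "__main__":
    # Constructed sample messages, listed by Cert Encoding value.
    for sample in ([4, 4, 12, 7, 14], [13, 7], [11, 7], [13, 12], [11, 11]):
        print(sample, check_cert_payloads(sample))
```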