Yaron Sheffer writes:
> Please also see Tero's follow-up here:
> http://www.ietf.org/mail-archive/web/ipsec/current/msg04990.html 

I still agree with what I said back then :-)

> Subject: [IPsec] #120: CA indication with cert req - allowed types
> 
> 
> Sec. 3.7 has:
> 
> The contents of the "Certification Authority" field are defined only
> for X.509 certificates, which are types 4, 10, 12, and 13. Other
> values SHOULD NOT be used until standards-track specifications that
> specify their use are published. 
> 
> This excludes certificate requests of type 7, i.e. for CRLs. For
> requesting a specific CRL type 7 would make sense, in particular in
> chain situations. Should we add it to the list of allowed types
> here? 
> 
> OTOH, this allows type 10, which is unspecified and should be removed.

And there is also format 14, which can also be sent as CERTREQ, and it
can have an empty certificate authority or it can have some hashes from
trusted responder's public keys.
-- 
kivi...@iki.fi
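
A receiver-side check for the CERTREQ types discussed in this thread, as an added example that is not part of either message. It assumes the payload body is one Cert Encoding octet followed by the Certification Authority field, and that for types 4, 10, 12, 13 and 14 the field is a concatenation of 20-octet SHA-1 hashes; the function names and sample keys are constructed for illustration.

```python
import hashlib

HASH_LEN = 20                   # SHA-1 digest size assumed for each CA field entry
X509_TYPES = {4, 10, 12, 13}    # types listed in the quoted Sec. 3.7 text
RESPONDER_HASH_TYPE = 14        # format 14 from the reply; CA field may be empty


def split_hashes(ca: bytes):
    """Split a Certification Authority field into fixed-size hashes."""
    if len(ca) % HASH_LEN:
        raise ValueError(f"CA field is {len(ca)} octets, not a multiple of {HASH_LEN}")
    return [ca[i:i + HASH_LEN] for i in range(0, len(ca), HASH_LEN)]


def classify_certreq(body: bytes):
    """Return (encoding, verdict, hashes) for a CERTREQ payload body."""
    if not body:
        raise ValueError("missing Cert Encoding octet")
    encoding, ca = body[0], body[1:]
    if encoding in X509_TYPES:
        return encoding, "x509-ca-hashes", split_hashes(ca)
    if encoding == RESPONDER_HASH_TYPE:
        return encoding, "responder-hashes", split_hashes(ca)
    # Any other type (including 7, CRL): the quoted text leaves the CA field
    # undefined, so its contents are not interpreted as hashes.
    return encoding, "ca-field-undefined", []


def matching_anchors(hashes, trusted_keys):
    """Return the requested hashes that match a locally trusted public key."""
    wanted = {hashlib.sha1(k).digest() for k in trusted_keys}
    return [h for h in hashes if h in wanted]


# Constructed sample data: stand-ins for encoded public keys.
KEY_A = b"constructed-public-key-A"
KEY_B = b"constructed-public-key-B"
HASH_A = hashlib.sha1(KEY_A).digest()
HASH_B = hashlib.sha1(KEY_B).digest()

SAMPLE_X509 = bytes([4]) + HASH_A + HASH_B   # type 4 with two CA hashes
SAMPLE_CRL = bytes([7]) + HASH_A             # type 7, outside the allowed list
SAMPLE_14_EMPTY = bytes([14])                # format 14 with an empty CA field

if __name__ == "__main__":
    for sample in (SAMPLE_X509, SAMPLE_CRL, SAMPLE_14_EMPTY):
        enc, verdict, hashes = classify_certreq(sample)
        print(enc, verdict, [h.hex() for h in hashes])
```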