Re: [IPsec] Large Scale VPN

2011-12-22 Thread Yoav Nir
Hi Mike On Dec 22, 2011, at 3:16 AM, Mike Sullenberger wrote: Everyone, I noticed that in the four vendor presentations in the P2P VPN - side meeting in TAIPEI that none of the vendors chose to extend or augment IKE/IPsec to solve this class of problems. This is not to say that vendors haven't

[IPsec] Question about ECDSA cert usage for IKEv2 auth

2011-12-22 Thread Gaurav Poothia
Hello, The basic IKEv2 cert auth mechanism for RSA (from RFC 5996) seems to be to hash using SHA-1 before signing. However when using ECDSA certs for IKEv2 I am trying to make sure I am reading RFC 4754 correctly when it says the following: Moreover, ECDSA cannot be specified for IKEv2

Re: [IPsec] Question about ECDSA cert usage for IKEv2 auth

2011-12-22 Thread Yoav Nir
On Dec 22, 2011, at 9:07 PM, Gaurav Poothia wrote: Hello, The basic IKEv2 cert auth mechanism for RSA (from RFC 5996) seems to be to hash using SHA-1 before signing. However when using ECDSA certs for IKEv2 I am trying to make sure I am reading RFC 4754 correctly when it says the following:

Re: [IPsec] Question about ECDSA cert usage for IKEv2 auth

2011-12-22 Thread Gaurav Poothia
Thanks Yoav! From: Yoav Nir [mailto:y...@checkpoint.com] Sent: Thursday, December 22, 2011 1:35 PM To: Gaurav Poothia Cc: ipsec@ietf.org; Brian Swander Subject: Re: [IPsec] Question about ECDSA cert usage for IKEv2 auth On Dec 22, 2011, at 9:07 PM, Gaurav Poothia wrote: Hello, The basic IKEv2