Paul Hoffman wrote:
>
> At 2:08 PM +0300 5/10/09, Yoav Nir wrote:
> >Hi all
> >
> >I've submitted issue #107 about certificate encoding.
> >
> >IMO it's not clear how certificate chains are to be encoded in IKEv2.
> >
> >http://trac.tools.ietf.org/wg/ipsecme/trac/ticket/107
>
> That would be the CertBundle, also described in section 3.6.
>
> --Paul Hoffman, Director
> --VPN Consortium

And there's the problem. There is no certificate payload encoding for a certificate bundle. Only hash-and-URL.

So what do I do if the peer sent a certificate request for the root CA, and I have a certificate by a sub-CA, and we don't use hash-and-URL? I can't use a bundle in a Type #4 encoding, but I do need to send the subordinate CA certificate as well.