At 11:52 AM -0400 5/22/09, David Wierbowski wrote:
>Why?

Because there is nothing in the document to indicate that it is invalid. 
HTTP_CERT_LOOKUP_SUPPORTED is only mentioned twice in RFC 4306:

   Certificate payloads SHOULD be included in an exchange if
   certificates are available to the sender unless the peer has
   indicated an ability to retrieve this information from elsewhere
   using an HTTP_CERT_LOOKUP_SUPPORTED Notify payload.

. . .

        HTTP_CERT_LOOKUP_SUPPORTED               16392

            This notification MAY be included in any message that can
            include a CERTREQ payload and indicates that the sender is
            capable of looking up certificates based on an HTTP-based
            URL (and hence presumably would prefer to receive
            certificate specifications in that format).

Neither of those makes it sound like it is required before sending type 12 or 13 certificates.

--Paul Hoffman, Director
--VPN Consortium
_______________________________________________
IPsec mailing list
IPsec@ietf.org
https://www.ietf.org/mailman/listinfo/ipsec
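
The situation discussed in this message, as an added example that is not part of the original e-mail or of RFC 4306: a Python sketch that walks already-decrypted IKEv2 payload chains and reports each received type 12 or 13 CERT payload together with whether the local side had sent HTTP_CERT_LOOKUP_SUPPORTED. The payload type numbers (37, 41), the payload layouts and the 20-octet SHA-1 prefix follow RFC 4306; the function names and the sample messages are assumptions constructed for illustration.

```python
import hashlib
import struct

PAYLOAD_CERT, PAYLOAD_NOTIFY = 37, 41      # payload type numbers, RFC 4306
HTTP_CERT_LOOKUP_SUPPORTED = 16392         # Notify type quoted in the message
HASH_AND_URL = (12, 13)                    # cert encodings discussed in the thread

def payload(next_type, body):
    """Generic payload header (next payload, flags, length incl. header) + body."""
    return struct.pack("!BBH", next_type, 0, 4 + len(body)) + body

def walk(first_type, data):
    """Yield (payload_type, body) for a chain of cleartext IKEv2 payloads."""
    ptype, off = first_type, 0
    while ptype != 0:
        if off + 4 > len(data):
            raise ValueError("truncated payload header")
        nxt, _flags, length = struct.unpack_from("!BBH", data, off)
        if length < 4 or off + length > len(data):
            raise ValueError("payload length outside message")
        yield ptype, data[off + 4:off + length]
        ptype, off = nxt, off + length

def notify_types(first_type, data):
    """Notify message types present (body: protocol ID, SPI size, 16-bit type)."""
    return {struct.unpack_from("!H", body, 2)[0]
            for ptype, body in walk(first_type, data)
            if ptype == PAYLOAD_NOTIFY and len(body) >= 4}

def hash_and_url_certs(first_type, data):
    """(encoding, sha1_hex, url) for each received type 12 or 13 CERT payload."""
    found = []
    for ptype, body in walk(first_type, data):
        if ptype == PAYLOAD_CERT and body and body[0] in HASH_AND_URL:
            if len(body) < 22:             # encoding + 20-octet SHA-1 + URL
                raise ValueError("hash-and-URL CERT too short")
            found.append((body[0], body[1:21].hex(), body[21:].decode("ascii")))
    return found

def audit(sent, received):
    """Pair each hash-and-URL CERT with whether we sent HTTP_CERT_LOOKUP_SUPPORTED."""
    announced = HTTP_CERT_LOOKUP_SUPPORTED in notify_types(*sent)
    return [(enc, url, announced) for enc, _sha1, url in hash_and_url_certs(*received)]

# Constructed sample: we sent only INITIAL_CONTACT (16384); the peer replied with
# a type 12 CERT. The URL and the hashed bytes are made up for illustration.
SENT = (PAYLOAD_NOTIFY, payload(0, struct.pack("!BBH", 0, 0, 16384)))
CERT_BODY = bytes([12]) + hashlib.sha1(b"constructed DER").digest() + b"http://certs.example/peer.cer"
RECEIVED = (PAYLOAD_CERT, payload(0, CERT_BODY))
```

`audit` only reports; whether to fetch the URL when the third field is false is left to the caller's local policy.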
