At 4:39 PM -0400 5/22/09, David Wierbowski wrote:
>Did I say either of the quotes you sent make it sound like one could not send
>hash-and-URL if HTTP_CERT_LOOKUP_SUPPORTED was not received?

Sorry, I took it as implied.

>I said I'm confused by Tero's previous answer which makes it sound as if such
>a restriction is implied.

I actually don't even take that from Tero's response, but he wasn't clear either way.

>I guess the value in the HTTP_CERT_LOOKUP_SUPPORTED notify is that you know
>when it is safe to use the hash and URL encoding

Yep.

>, but it also allows you to send the hash and URL encoding to a peer that may
>have disabled that support via a configuration option.

Yep.

> That doesn't seem like a good design to me, but it's certainly flexible :>).

Much of IKEv1 and IKEv2 are not "good design" because of too much flexibility, but the alternative is being too restrictive for many environments.

--Paul Hoffman, Director
--VPN Consortium