Good. So how about we close this issue by adding the last sentence below:
If multiple certificates are sent, the first certificate MUST contain the public key used to sign the AUTH payload. The other certificates may be sent in any order. Each certificate is encoded in a separate CERT payload.

Does this sound OK to everyone?

On Aug 26, 2009, at 4:43 PM, Tero Kivinen wrote:

> Martin Willi writes:
>> It is not even clear from the spec how to encode multiple certificates
>> in a single cert payload with type 4 (just concatenate?).
>
> There is no way to encode more than one certificate with X.509
> Certificate - Signature (#4) format in one certificate payload.
> --
> kivi...@iki.fi
> _______________________________________________
> IPsec mailing list
> IPsec@ietf.org
> https://www.ietf.org/mailman/listinfo/ipsec
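The encoding rule discussed in this thread, shown as an added example that is not part of the original messages or of any IKEv2 implementation: a receiver-side walk over a run of CERT payloads that rejects a type 4 payload holding anything other than exactly one DER certificate. The function names are hypothetical, the sample "certificates" are constructed minimal DER SEQUENCEs rather than real X.509 data, and the payload type number 37 and the 4-octet generic payload header are taken from the IKEv2 specification.

```python
import struct

CERT_PAYLOAD = 37     # IKEv2 payload type number for CERT
X509_SIGNATURE = 4    # Cert Encoding "X.509 Certificate - Signature"

def der_element_len(data):
    """Total length (header plus content) of the DER SEQUENCE at the start of data."""
    if len(data) < 2 or data[0] != 0x30:
        raise ValueError("certificate data does not start with a DER SEQUENCE")
    if data[1] < 0x80:                      # short-form length
        return 2 + data[1]
    n = data[1] & 0x7F                      # long form: n length octets follow
    if n == 0 or n > 4 or len(data) < 2 + n:
        raise ValueError("unsupported or truncated DER length")
    return 2 + n + int.from_bytes(data[2:2 + n], "big")

def cert_payload(next_payload, encoding, cert_data):
    """Build one CERT payload: generic header, encoding octet, certificate data."""
    body = bytes([encoding]) + cert_data
    return struct.pack("!BBH", next_payload, 0, 4 + len(body)) + body

def split_cert_payloads(chain, first_type=CERT_PAYLOAD):
    """Return the certificate data of each CERT payload, in wire order."""
    certs, ptype, off = [], first_type, 0
    while ptype != 0:                       # next payload 0 ends the chain
        if len(chain) - off < 4:
            raise ValueError("truncated payload header")
        nxt, _flags, length = struct.unpack_from("!BBH", chain, off)
        if length < 4 or off + length > len(chain):
            raise ValueError("bad payload length")
        if ptype == CERT_PAYLOAD:
            if length < 5:
                raise ValueError("CERT payload has no encoding octet")
            encoding, data = chain[off + 4], chain[off + 5:off + length]
            # Type 4 carries one certificate; concatenated DER leaves extra bytes.
            if encoding == X509_SIGNATURE and der_element_len(data) != len(data):
                raise ValueError("type 4 CERT payload must hold exactly one certificate")
            certs.append(data)
        ptype, off = nxt, off + length
    return certs

# Constructed placeholders: tiny DER SEQUENCEs standing in for real certificates.
EE_CERT = bytes.fromhex("3003020101")       # stands in for the AUTH signer's cert
CA_CERT = bytes.fromhex("3003020102")       # stands in for an intermediate cert
GOOD_CHAIN = (cert_payload(CERT_PAYLOAD, X509_SIGNATURE, EE_CERT)
              + cert_payload(0, X509_SIGNATURE, CA_CERT))
BAD_CHAIN = cert_payload(0, X509_SIGNATURE, EE_CERT + CA_CERT)  # concatenated
```

Because the list keeps wire order, element 0 is the certificate that, under the proposed wording, carries the public key used to verify the AUTH payload.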