Re: [IPsec] IKEv2 Certificate Information

2009-05-18 Thread Raj Singh
Hi Anil, X.509 is one authentication method like pre-shared keys for a peer to prove its identity. So if CERT authentication method is configured in your IKEv2 policy, you know that you have to send CERTREQ and generate AUTH payload based on your certificate. You can have just Pre-Shared Keys based
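The reply above describes generating the AUTH payload from a certificate versus from a pre-shared key. The following is an added example, not code from the thread or from any IKEv2 implementation, that builds the octets IKEv2 authenticates in IKE_AUTH (RFC 5996 section 2.15) and shows where the two methods diverge. The message bytes, nonces, SK_pi/SK_pr values and identities are constructed sample inputs; a real peer takes them from the IKE_SA_INIT exchange and SKEYSEED derivation, and PRF_HMAC_SHA2_256 stands in for whatever PRF was negotiated.

```python
"""Added example: what an IKEv2 peer signs or MACs in IKE_AUTH.

Both authentication methods cover the same InitiatorSignedOctets /
ResponderSignedOctets; only the last step differs:
  - certificate (RSA/ECDSA signature): AUTH = Sign_privkey(SignedOctets),
    and a CERT payload carries the certificate the peer verifies against
  - shared key (Shared Key MIC):
    AUTH = prf(prf(SharedSecret, "Key Pad for IKEv2"), SignedOctets)
"""
import hashlib
import hmac


def prf_hmac_sha256(key: bytes, data: bytes) -> bytes:
    """PRF_HMAC_SHA2_256 (RFC 4868); assumed here as the negotiated PRF."""
    return hmac.new(key, data, hashlib.sha256).digest()


def maced_id(sk_p: bytes, id_type: int, id_data: bytes) -> bytes:
    """MACedIDFor{I,R} = prf(SK_p{i,r}, RestOfIDPayload).

    RestOfIDPayload is the ID payload without its 4-byte generic payload
    header: ID Type (1 byte) | RESERVED (3 zero bytes) | Identification Data.
    """
    rest_of_id_payload = bytes([id_type]) + b"\x00\x00\x00" + id_data
    return prf_hmac_sha256(sk_p, rest_of_id_payload)


def initiator_signed_octets(real_message1: bytes, nonce_r_data: bytes,
                            sk_pi: bytes, id_type: int, idi_data: bytes) -> bytes:
    """InitiatorSignedOctets = RealMessage1 | NonceRData | MACedIDForI.

    real_message1 is the complete IKE_SA_INIT request as sent (header included);
    nonce_r_data is the responder's nonce without the Nonce payload header.
    """
    return real_message1 + nonce_r_data + maced_id(sk_pi, id_type, idi_data)


def responder_signed_octets(real_message2: bytes, nonce_i_data: bytes,
                            sk_pr: bytes, id_type: int, idr_data: bytes) -> bytes:
    """ResponderSignedOctets = RealMessage2 | NonceIData | MACedIDForR."""
    return real_message2 + nonce_i_data + maced_id(sk_pr, id_type, idr_data)


def psk_auth(shared_secret: bytes, signed_octets: bytes) -> bytes:
    """AUTH data for the Shared Key Message Integrity Code method (method 2).

    For certificate authentication (method 1 RSA, 9/10/11 ECDSA) the same
    signed_octets are instead passed to the private-key signature routine.
    """
    pad_key = prf_hmac_sha256(shared_secret, b"Key Pad for IKEv2")
    return prf_hmac_sha256(pad_key, signed_octets)


def demo() -> bytes:
    """Constructed sample exchange; returns the initiator's PSK AUTH data."""
    ID_FQDN = 2
    real_message1 = b"\x00" * 28 + b"<constructed IKE_SA_INIT request body>"
    nonce_r = bytes(range(16))                  # constructed responder nonce
    sk_pi = hashlib.sha256(b"constructed SK_pi").digest()
    octets = initiator_signed_octets(real_message1, nonce_r, sk_pi,
                                     ID_FQDN, b"initiator.example.test")
    return psk_auth(b"constructed shared secret", octets)


if __name__ == "__main__":
    print(demo().hex())
```

A peer that sends CERTREQ and a CERT payload still constructs these octets exactly the same way; verifying the received AUTH means rebuilding the other side's SignedOctets locally and either checking the signature with the public key from its certificate or recomputing the PSK MAC.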

Re: [IPsec] IKEv2 Certificate Information

2009-05-18 Thread Raj Singh
Hi Anil, Please find my reply inline. On Tue, May 19, 2009 at 10:55 AM, Anil Maguluri < anil.magul...@lntinfotech.com> wrote: > > Hi All, > > I would like to know what are the different certificates to support in > IKEv2? raj> The most commonly supported certificate forms are: http://tools.ie

[IPsec] IKEv2 Certificate Information

2009-05-18 Thread Anil Maguluri
Hi All, I would like to know what are the different certificates to support in IKEv2? Is it mandatory to support CERT and CERTREQ payloads in IKE_AUTH message? If yes, please let me know the supported Certificates information and corresponding RFC numbers. Also please let me know IKEv2 opensour

Re: [IPsec] Redirect -09 comments

2009-05-18 Thread Vijay Devarapalli
Hi Yaron, > -Original Message- > From: Yaron Sheffer [mailto:yar...@checkpoint.com] > Sent: Saturday, May 16, 2009 2:37 PM > To: Vijay Devarapalli; ipsec@ietf.org > Subject: RE: [IPsec] Redirect -09 comments > > Hi Vijay, > > Regarding loop avoidance, please use RFC 2119, capitalized sh

[IPsec] reposting question re IKEV1 IV

2009-05-18 Thread paul moore
I asked this once and nobody answered - I will try again How should the IV be set for an informational message that is generated during phase 1? I see conflicting implementations and the V1 RFCs don't say (or at least don't say it clearly) Specific example is when doing a cert auth and the respond

Re: [IPsec] Regarding the Linux IPsec Architecture

2009-05-18 Thread Arnaud Ebalard
Hi, Anil Maguluri writes: > I am new to the IPsec. I am trying to understand the Linux IPsec > architecture and current implementation. If you are not familiar with the theoretical aspects, you should start with RFC 4301 to get the big picture (concepts, vocabulary, ...). If you intend to spen

[IPsec] Regarding the Linux IPsec Architecture

2009-05-18 Thread Anil Maguluri
Hi All, I am new to IPsec. I am trying to understand the Linux IPsec architecture and current implementation. Please let me know if any tutorial/doc is available for IPsec architecture in Linux. Thanks and Regards, Anil Kumar Maguluri

Re: [IPsec] Redirect -09 comments

2009-05-18 Thread Yaron Sheffer
Well, I find the attack laughable. But anyway, if it takes 5 paragraphs to explain this one paragraph, I guess better clarification is in order. Thanks, Yaron > -Original Message- > From: Tero Kivinen [mailto:kivi...@iki.fi] > Sent: Monday, May 18, 2009 12:01 > To: Yaron Sheffer >

[IPsec] Question regarding VID payload

2009-05-18 Thread Tero Kivinen
Yoav Nir writes: > Hi all > > I've just noticed that section 3.12 of the bis draft has the following text: > >Writers of Internet-Drafts who wish to extend this protocol MUST >define a Vendor ID payload to announce the ability to implement the >extension in the Internet-Draft. It is

Re: [IPsec] Redirect -09 comments

2009-05-18 Thread Tero Kivinen
Yaron Sheffer writes: > Regarding identity protection, I now realize I don't understand the relevant > paragraph. The text is: > >Redirecting based on the unauthenticated identities might leak out >information about the user when active attacker can get information >to which gateway us

Re: [IPsec] Anyone have a 4868-compliant HMAC-SHA-{384, 512} for AH/ESP to test?

2009-05-18 Thread Martin Willi
Hi Dan, > I'm discovering interoperability bugs between OpenSolaris and other platforms > in the SHA-2 space, mostly around SHA-384 and SHA-512. The Linux kernel implements an outdated truncation length for SHA256 only. But we successfully tested the SHA2 family against other vendors using this
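The interoperability problem described above comes down to the ICV truncation length each stack applies. The following is an added example, not code from the thread, from OpenSolaris or from the Linux kernel, that computes the RFC 4868 AH/ESP integrity algorithms with their mandated truncation and key lengths (section 2.3 and 2.1.2 of the RFC) next to the older 96-bit SHA-256 truncation from the pre-RFC draft, so a mismatch like the one Dan reports can be reproduced offline. Keys and packet data are constructed sample values.

```python
"""Added example: RFC 4868 HMAC-SHA-2 ICVs for AH/ESP and the truncation
mismatch that breaks interop with stacks still on the old 96-bit length."""
import hashlib
import hmac

# RFC 4868: hash function, ICV length (bytes), required key length (bytes).
# Key length MUST equal the hash output length; ICV is the leftmost half.
RFC4868_ALGS = {
    "HMAC-SHA-256-128": (hashlib.sha256, 16, 32),
    "HMAC-SHA-384-192": (hashlib.sha384, 24, 48),
    "HMAC-SHA-512-256": (hashlib.sha512, 32, 64),
}


def icv(alg: str, key: bytes, data: bytes) -> bytes:
    """Compute the RFC 4868 truncated ICV over the authenticated packet data."""
    hash_fn, icv_len, key_len = RFC4868_ALGS[alg]
    if len(key) != key_len:
        raise ValueError(f"{alg} requires a {key_len * 8}-bit key, got {len(key) * 8}")
    return hmac.new(key, data, hash_fn).digest()[:icv_len]


def legacy_sha256_96(key: bytes, data: bytes) -> bytes:
    """HMAC-SHA-256 truncated to 96 bits, the pre-RFC 4868 draft length that
    the thread says older Linux kernels still applied to hmac(sha256)."""
    return hmac.new(key, data, hashlib.sha256).digest()[:12]


def verify_icv(alg: str, key: bytes, data: bytes, received: bytes) -> bool:
    """Constant-time check of a received ICV. A length mismatch fails here
    exactly like a forgery would, which is why the bug shows up as
    'integrity check failed' rather than as a negotiation error."""
    return hmac.compare_digest(icv(alg, key, data), received)


def interop_matrix(key: bytes, data: bytes) -> dict:
    """Which RFC 4868 algorithms would accept the legacy 96-bit ICV?
    (Answer: none; it only ever matches the SHA-256 prefix, not its length.)"""
    out = {}
    for alg, (_, _, key_len) in RFC4868_ALGS.items():
        k = (key * (key_len // len(key) + 1))[:key_len]   # constructed key of the right size
        out[alg] = verify_icv(alg, k, data, legacy_sha256_96(k, data))
    return out


if __name__ == "__main__":
    key = bytes(range(32))                                  # constructed 256-bit key
    pkt = b"\x45\x00\x00\x3c" + b"constructed ESP payload"  # constructed packet data
    print("RFC 4868 ICV:", icv("HMAC-SHA-256-128", key, pkt).hex())
    print("legacy 96  :", legacy_sha256_96(key, pkt).hex())
    print(interop_matrix(key, pkt))
```

When two stacks disagree, the captured ICV length in the AH/ESP trailer tells you immediately which side is off: 12 bytes means the old truncation, 16/24/32 bytes means RFC 4868. The prefix relationship in `legacy_sha256_96` is also why the SHA-256 case is easy to miss in testing: the first 96 bits agree, so a receiver that only compares the shorter length will accept traffic from a compliant sender while the reverse direction fails.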