If I do not send an HTTP_CERT_LOOKUP_SUPPORTED notify is it valid for my
peer to send me a certificate payload with a hash and URL encoding (i.e. 12
or 13)? I do not see any language in RFC 4306 or 4945 that states the peer
MUST NOT send a certificate payload with a hash and URL encoding in this
Greetings,
I am new to this group, so I hope I am not raising an issue which was addressed
earlier. I was reading draft-ietf-ipsecme-ikev2bis, and I came across some
inconsistent terminology which I believe also exists in RFC 4306.
RFC 4301 defines a SA as a simplex "connection", and states tha
At 9:30 AM -0400 5/22/09, David Wierbowski wrote:
>If I do not send an HTTP_CERT_LOOKUP_SUPPORTED notify is it valid for my peer
>to send me a certificate payload with a hash and URL encoding (i.e. 12 or 13)?
>I do not see any language in RFC 4306 or 4945 that states the peer MUST NOT
>send a ce
Why?
Dave Wierbowski
z/OS Comm Server Developer
Phone:
Tie line: 620-4055
External: 607-429-4055
Paul Hoffman
At 11:52 AM -0400 5/22/09, David Wierbowski wrote:
>Why?
Because there is nothing in the document to indicate that it is invalid.
HTTP_CERT_LOOKUP_SUPPORTED is only mentioned twice in RFC 4306:
Certificate payloads SHOULD be included in an exchange if
certificates are available to the send
Paul,
Thanks, but now I'm confused by an answer Tero provided to a slightly
different question back in July of 2007 (subject [Ipsec] Comments on
draft-hoffman-ikev2bis-01.txt). From Tero's answer I had expected to see
something that would disallow using those encoding types if you did not
receiv
At 12:08 PM -0400 5/22/09, David Wierbowski wrote:
>Paul,
>
>Thanks, but now I'm confused by an answer Tero provided to a slightly
>different question back in July of 2007 (subject [Ipsec] Comments on
>draft-hoffman-ikev2bis-01.txt). From Tero's answer I had expected to see
>something that would
Did I say either of the quotes you sent make it sound like one could not
send hash-and-URL if HTTP_CERT_LOOKUP_SUPPORTED was not received?
I said I'm confused by Tero's previous answer which makes it sound as if
such a restriction is implied.
I guess the value in the HTTP_CERT_LOOKUP_SUPPORTED n
At 4:39 PM -0400 5/22/09, David Wierbowski wrote:
>Did I say either of the quotes you sent make it sound like one could not send
>hash-and-URL if HTTP_CERT_LOOKUP_SUPPORTED was not received?
Sorry, I took it as implied.
>I said I'm confused by Tero's previous answer which makes it sound as if su