Paul Wouters wrote:
> Basically, in IKE_SA_INIT, before the IKE_AUTH and CERT payloads
> exchange, you exchange CERTREQ. You basically give a somewhat
> anonymised list of trust anchors you support. The initiator can loop
> through its known TA's and if it matches one, pick the pr
Thanks, Valery
let me pick up the one point i have no clear text solution for yet.
On Fri, Feb 28, 2020 at 10:52:02AM +0300, Valery Smyslov wrote:
> Hi Toerless,
[...]
> Well, the example you provided doesn't work. In IKEv2 first
> the responder sends a list of TA (hashes) he has in a CERTREQ pay
On Jun 21, 2020, at 22:22, Toerless Eckert wrote:
>
> Thanks, Valery
>
> let me pick up the one point i have no clear text solution for yet.
>
>> On Fri, Feb 28, 2020 at 10:52:02AM +0300, Valery Smyslov wrote:
>> Hi Toerless,
> [...]
>> Well, the example you provided doesn't work. In IKEv2 fir
On Sun, Jun 21, 2020 at 11:37:58PM -0400, Paul Wouters wrote:
> On Jun 21, 2020, at 22:22, Toerless Eckert wrote:
> >
> > Thanks, Valery
> >
> > let me pick up the one point i have no clear text solution for yet.
> >
> >> On Fri, Feb 28, 2020 at 10:52:02AM +0300, Valery Smyslov wrote:
> >> Hi
Inline
On Sun, Jun 21, 2020 at 11:37:58PM -0400, Paul Wouters wrote:
> On Jun 21, 2020, at 22:22, Toerless Eckert wrote:
> >
> > ???Thanks, Valery
> >
> > let me pick up the one point i have no clear text solution for yet.
> >
> >> On Fri, Feb 28, 2020 at 10:52:02AM +0300, Valery Smyslov wrote
