Re: [IPsec] Troubleshooting IPsec peer certs (was: Re: IPsec profile feedback wanted (draft autonomic control) plane)

2020-06-26 Thread Tero Kivinen
Michael Richardson writes: > Unless we can convince various people otherwise, the TA will all be > private enterprise/ISP CAs. And for some reason those same private enterprise/ISP people are exactly those who say that we can't leak our CA certificates out, and that's why we can't have publicly ava

Re: [IPsec] IPsec profile feedback wanted (draft autonomic control plane)

2020-06-26 Thread Tero Kivinen
Valery Smyslov writes: > > I think examples of where DN would not be sufficient (and it's in the -25 > > text) would be expired certs from the correct CA, or certs from > > a misconfigured registrar with CA - where the operator unintentionally > > re-created a CA with the same DN, instead of going t

Re: [IPsec] Troubleshooting IPsec peer certs (was: Re: IPsec profile feedback wanted (draft autonomic control) plane)

2020-06-26 Thread 'Toerless Eckert'
On Fri, Jun 26, 2020 at 04:40:53PM +0300, Tero Kivinen wrote: > Michael Richardson writes: > > Unless we can convince various people otherwise, the TA will all be > > private enterprise/ISP CAs. > > And for some reason those same private enterprise/ISP people are > exactly those who say that we ca