questions: key length & cert retrieve: draft-ietf-ipsec-pki-req-01.txt

"Hsu, Yung-Kao" <yungkaohsu@lucent.com> Thu, 10 September 1998 18:20 UTC

Received: (from majordom@localhost) by portal.ex.tis.com (8.8.2/8.8.2) id OAA24799 for ipsec-outgoing; Thu, 10 Sep 1998 14:20:01 -0400 (EDT)
Message-ID: <35F81C5E.1C58A5AE@lucent.com>
Date: Thu, 10 Sep 1998 14:37:18 -0400
From: "Hsu, Yung-Kao" <yungkaohsu@lucent.com>
Organization: Lucent Technologies
X-Mailer: Mozilla 4.05 [en]C-EMS-1.4 (WinNT; U)
MIME-Version: 1.0
To: ipsec <ipsec@tis.com>
Subject: questions: key length & cert retrieve: draft-ietf-ipsec-pki-req-01.txt
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Sender: owner-ipsec@ex.tis.com
Precedence: bulk

I'm new, don't know enough, and have two questions.

1) In section 2.2, it is stated

	All the certificates used in the IPSec device and the PKI must 
	be of the same key length.

So, for examples, I can't have a CA with a 2048-bit key signs a cert of 
1024-bit key for my IPsec device. Why?

2) In section 3.2, it is stated

	IPSec devices MUST be able to retrieve their own fulfilled
	certificates, signing certificates for other IPSec devices, and
	identification certificates for other IPSec devices.

Does this mean that, from an IPsec device, I can query cert of other IPsec
devices even without establishing any communication to them?

Yung-Kao Hsu
Lucent Technologies

questions: key length & cert retrieve: draft-ietf… Hsu, Yung-Kao
Re: questions: key length & cert retrieve: draft-… Rodney Thayer
Re: questions: key length & cert retrieve: draft-… Bill Sommerfeld
Re: questions: key length & cert retrieve: draft-… Rodney Thayer