Re: Can the initiator send a type of ID randomly?
Brian Korver <briank@briank.com> Wed, 04 December 2002 14:44 UTC
Date: Wed, 04 Dec 2002 00:59:42 -0800
Subject: Re: Can the initiator send a type of ID randomly?
From: Brian Korver <briank@briank.com>
To: king wu <wmyking49@yahoo.com.cn>, ipsec@lists.tislabs.com
Message-ID: <BA1303FE.2DE7%briank@briank.com>
In-Reply-To: <20021127103536.77145.qmail@web15105.mail.bjs.yahoo.com>

On 11/27/02 2:35 AM, "king wu" <wmyking49@yahoo.com.cn> wrote:

> hi, all
>
> In the scenario with public signature keys in IKE, how
> does the initiator choose a type of ID? As we know,
> the ID includes FQDN,RFC822_ADDR,DER_ASN1_DN,etc.
> Then, can the initiator send a type of ID randomly?
> Or, are there some rules for doing it? I can't find
> the rules through the documents on IKE.
> Please help.
> thanks.
>
> --King Wu

The ID type should either be an IP address or some piece
of information that appears in the certificate. How to
choose which piece of information is a local (policy)
matter, but often is closely associated with particular
authorization schemes (such as ACLs).

See draft-ietf-ipsec-pki-profile-01.txt for more discussion
of this issue.

- brian
briank@briank.com
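
The rule in the reply above, sketched as an added example (not code from the thread or from any IKE implementation): the initiator picks the first ID type in its local policy order that it can back, and the responder rejects an ID the certificate does not contain. The function names, the parsed-certificate dictionary, the string comparison of DNs and the binding of an IP-address ID to the peer's source address are assumptions made for the illustration.

```python
import ipaddress

# IKE ID type numbers from the IPsec DOI (RFC 2407, section 4.6.2.1).
ID_IPV4_ADDR, ID_FQDN, ID_RFC822_ADDR, ID_DER_ASN1_DN = 1, 2, 3, 9

# Constructed sample: fields already parsed out of a certificate.
SAMPLE_CERT = {
    "subject": "CN=gw1.example.com,O=Example",
    "san": {"dns": ["gw1.example.com"], "email": ["admin@example.com"]},
}

def _norm(id_type, value):
    """Normalise a value for comparison (simplified; real DNs compare as DER)."""
    if id_type == ID_IPV4_ADDR:
        return str(ipaddress.IPv4Address(value))
    if id_type == ID_FQDN:
        return value.lower().rstrip(".")
    if id_type == ID_RFC822_ADDR:
        return value.lower()
    return value

def cert_identities(cert):
    """Values the certificate can back, keyed by ID type."""
    san = cert.get("san", {})
    ids = {
        ID_FQDN: san.get("dns", []),
        ID_RFC822_ADDR: san.get("email", []),
        ID_DER_ASN1_DN: [cert["subject"]] if cert.get("subject") else [],
    }
    return {t: [_norm(t, v) for v in vals] for t, vals in ids.items()}

def choose_id(cert, policy_order, local_ip):
    """Initiator: first ID type in local policy order that can be backed."""
    ids = cert_identities(cert)
    for id_type in policy_order:
        if id_type == ID_IPV4_ADDR:
            return id_type, _norm(id_type, local_ip)
        if ids.get(id_type):
            return id_type, ids[id_type][0]
    raise ValueError("policy allows no ID type that this certificate contains")

def id_acceptable(id_type, value, cert, peer_ip):
    """Responder: reject an ID payload the certificate (or peer IP) does not back."""
    value = _norm(id_type, value)
    if id_type == ID_IPV4_ADDR:
        return value == _norm(id_type, peer_ip)  # assumption: bind to source address
    return value in cert_identities(cert).get(id_type, [])
```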