RE: Query on draft-ietf-ipsec-pki-req-03.txt
Greg Carter <greg.carter@entrust.com> Tue, 19 October 1999 18:00 UTC
Received: from lists.tislabs.com (portal.gw.tislabs.com [192.94.214.101]) by mail.imc.org (8.9.3/8.9.3) with ESMTP id LAA03119; Tue, 19 Oct 1999 11:00:24 -0700 (PDT)
Received: by lists.tislabs.com (8.9.1/8.9.1) id MAA21736 Tue, 19 Oct 1999 12:31:27 -0400 (EDT)
Message-ID: <01E1D01C12D7D211AFC70090273D20B10197D71D@sothmxs06.entrust.com>
From: Greg Carter <greg.carter@entrust.com>
To: "'Walker, Jesse'" <jesse.walker@intel.com>, "'ipsec@lists.tislabs.com'" <ipsec@lists.tislabs.com>
Subject: RE: Query on draft-ietf-ipsec-pki-req-03.txt
Date: Tue, 19 Oct 1999 12:33:19 -0400
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2448.0)
Content-Type: text/plain; charset="iso-8859-1"
Sender: owner-ipsec@lists.tislabs.com
Precedence: bulk
Hi Jesse, Yes if you receive a certificate request with type CRL then you should send the CRL that your certificate would be put on were it to be revoked (follow? :) ). Many implementations are doing this. Of course this requires that at least one end of the negotiation has access to the CRL repository. Bye. Greg Carter Entrust Technologies - http://www.entrust.com http://www.ford-trucks.com/articles/buildup/dana60.html -----Original Message----- From: Walker, Jesse [mailto:jesse.walker@intel.com] Sent: Tuesday, October 19, 1999 10:56 AM To: 'ipsec@lists.tislabs.com' Subject: Query on draft-ietf-ipsec-pki-req-03.txt or the security gateway's cert gets validated. Maybe we need to require implementations to send the latest CRL known to them during the IKE phase 1 negotiation?
- Query on draft-ietf-ipsec-pki-req-03.txt Walker, Jesse
- RE: Query on draft-ietf-ipsec-pki-req-03.txt Greg Carter
- RE: Query on draft-ietf-ipsec-pki-req-03.txt Walker, Jesse
- RE: Query on draft-ietf-ipsec-pki-req-03.txt Walker, Jesse
- Re: Query on draft-ietf-ipsec-pki-req-03.txt Paul Hoffman