[IPsec] #119: Which certificate types can be mixed in one exchange?

Yaron Sheffer <yaronf@checkpoint.com> Thu, 29 October 2009 23:38 UTC

Return-Path: <yaronf@checkpoint.com>
X-Original-To: ipsec@core3.amsl.com
Delivered-To: ipsec@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 550CC28C0D8 for <ipsec@core3.amsl.com>; Thu, 29 Oct 2009 16:38:18 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.662
X-Spam-Level:
X-Spam-Status: No, score=-3.662 tagged_above=-999 required=5 tests=[AWL=-0.064, BAYES_00=-2.599, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id pRpo-VNDqZgJ for <ipsec@core3.amsl.com>; Thu, 29 Oct 2009 16:38:17 -0700 (PDT)
Received: from michael.checkpoint.com (michael.checkpoint.com [194.29.32.68]) by core3.amsl.com (Postfix) with ESMTP id 420FE28C0CF for <ipsec@ietf.org>; Thu, 29 Oct 2009 16:38:17 -0700 (PDT)
Received: from il-ex01.ad.checkpoint.com (localhost [127.0.0.1]) by michael.checkpoint.com (8.12.10+Sun/8.12.10) with ESMTP id n9TNINhu020085 for <ipsec@ietf.org>; Fri, 30 Oct 2009 01:18:23 +0200 (IST)
Received: from il-ex01.ad.checkpoint.com ([126.0.0.2]) by il-ex01.ad.checkpoint.com ([126.0.0.2]) with mapi; Fri, 30 Oct 2009 01:18:25 +0200
From: Yaron Sheffer <yaronf@checkpoint.com>
To: IPsecme WG <ipsec@ietf.org>
Date: Fri, 30 Oct 2009 01:18:24 +0200
Thread-Topic: #119: Which certificate types can be mixed in one exchange?
Thread-Index: AcpY7RujsaPOPWKnQK+8SRjY4rhHTg==
Message-ID: <7F9A6D26EB51614FBF9F81C0DA4CFEC801BDA1213EAB@il-ex01.ad.checkpoint.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
acceptlanguage: en-US
Content-Type: multipart/alternative; boundary="_000_7F9A6D26EB51614FBF9F81C0DA4CFEC801BDA1213EABilex01adche_"
MIME-Version: 1.0
Subject: [IPsec] #119: Which certificate types can be mixed in one exchange?
X-BeenThere: ipsec@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Discussion of IPsec protocols <ipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/ipsec>, <mailto:ipsec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ipsec>
List-Post: <mailto:ipsec@ietf.org>
List-Help: <mailto:ipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipsec>, <mailto:ipsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 29 Oct 2009 23:38:18 -0000

Should be added to Sec. 3.6, probably as a new subsection.

One Hash & URL (H&U) bundle only. Or...

One Raw RSA key, or...

One or more cert payloads of either type 4 or H&U (type 12)

Can have one or more CRLs and/or OCSP content (RFC 4806<http://tools.ietf.org/html/rfc4806>;) added to any of the above, except for Raw RSA.