[Openswan Users] Information on PKIX support

Michael Richardson mcr at sandelman.ottawa.on.ca
Wed May 5 11:43:14 CEST 2004


-----BEGIN PGP SIGNED MESSAGE-----


>>>>> "Murahari" == Murahari  <murahari at samsung.com> writes:
    Murahari> Does Openswan have a support for PKIX?

  PKIX is the IETF profile of X.509v3.
  PKIX itself is still too general, so there is a further IETF effort
called pki4ipsec.

  Openswan supports X.509v3 certificates, but does not support many of
the PKIX extensions/specializations (such as the very useful
name-constraints), other than the subjectAltName stuff for IP addresses
and FQDNs in the DN. 
  
  What specific piece are you trying to use?

- --
]       ON HUMILITY: to err is human. To moo, bovine.           |  firewalls  [
]   Michael Richardson,    Xelerance Corporation, Ottawa, ON    |net architect[
] mcr at xelerance.com      http://www.sandelman.ottawa.on.ca/mcr/ |device driver[
] panic("Just another Debian GNU/Linux using, kernel hacking, security guy"); [
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (GNU/Linux)
Comment: Finger me for keys

iQCVAwUBQJj9gYqHRg3pndX9AQGSQgQAjpOkhOOLIMWSP9TDVF13RVbxt2ss8Ikk
/5OfL1ty139gcn4HDRWqzMbm/nCgcdkToYKyaAkKvX41iklLXuN13VrRnQ6oEt3Y
a7jtPRQYzoTTZLrgaPg9MZOD9FyMnNoJUtmuxznxT8tY/3LzokAGwLcQZLjlzkbQ
NNzeJbyKwJk=
=6QYy
-----END PGP SIGNATURE-----


More information about the Users mailing list