[Openswan Users] Information on PKIX support
Murahari
murahari at samsung.com
Thu May 6 10:33:07 CEST 2004
All,
We are trying to use CMP-rfc2510 along with ocsp. There is a code
related to ocsp in openswan but none related to cmp. Am I right?
Thanks.
Murahari
-----Original Message-----
From: Michael Richardson [mailto:mcr at sandelman.ottawa.on.ca]
Sent: Wednesday, May 05, 2004 8:13 PM
To: Murahari
Cc: users at lists.openswan.org
Subject: Re: [Openswan Users] Information on PKIX support
-----BEGIN PGP SIGNED MESSAGE-----
>>>>> "Murahari" == Murahari <murahari at samsung.com> writes:
Murahari> Does Openswan have a support for PKIX?
PKIX is the IETF profile of X.509v3.
PKIX itself is still too general, so there is a further IETF effort
called pki4ipsec.
Openswan supports X.509v3 certificates, but does not support many of
the PKIX extensions/specializations (such as the very useful
name-constraints), other than the subjectAltName stuff for IP addresses
and FQDNs in the DN.
What specific piece are you trying to use?
- --
] ON HUMILITY: to err is human. To moo, bovine. |
firewalls [
] Michael Richardson, Xelerance Corporation, Ottawa, ON |net
architect[
] mcr at xelerance.com http://www.sandelman.ottawa.on.ca/mcr/ |device
driver[
] panic("Just another Debian GNU/Linux using, kernel hacking, security
guy"); [
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (GNU/Linux)
Comment: Finger me for keys
iQCVAwUBQJj9gYqHRg3pndX9AQGSQgQAjpOkhOOLIMWSP9TDVF13RVbxt2ss8Ikk
/5OfL1ty139gcn4HDRWqzMbm/nCgcdkToYKyaAkKvX41iklLXuN13VrRnQ6oEt3Y
a7jtPRQYzoTTZLrgaPg9MZOD9FyMnNoJUtmuxznxT8tY/3LzokAGwLcQZLjlzkbQ
NNzeJbyKwJk=
=6QYy
-----END PGP SIGNATURE-----
More information about the Users
mailing list