[Openswan Users] left/rightsendcert=always questions

Michael Richardson mcr at sandelman.ottawa.on.ca
Fri May 14 15:47:15 CEST 2004


-----BEGIN PGP SIGNED MESSAGE-----


>>>>> "Nate" == Nate Carlson <natecars at natecarlson.com> writes:
    Nate> How does the ifasked option work? If it's a case where anyone
    Nate> can request the certificate (no authentication beforehand
    Nate> required), I don't see how that'd be any more secure than just
    Nate> sending it out to start with.

  ifasked means send a certificate if there is a certificate request.
  Specifically, send the certificate that has been signed with the CA that
the certificate request says.

  Always sending the certificate causes UDP fragmentation issues.

    Nate> Is there a to-do list somewhere detailing the things that need
    Nate> to be documented? I'm sure some members of the community
    Nate> wouldn't mind spending some time hashing them out. If I have
    Nate> time I may even write some.  :)

  Look at the wiki.

- --
]       ON HUMILITY: to err is human. To moo, bovine.           |  firewalls  [
]   Michael Richardson,    Xelerance Corporation, Ottawa, ON    |net architect[
] mcr at xelerance.com      http://www.sandelman.ottawa.on.ca/mcr/ |device driver[
] panic("Just another Debian GNU/Linux using, kernel hacking, security guy"); [
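
The behaviour described in this message, modelled as an added example that is not part of the original post and is not Openswan code. The policy names follow the thread ("always", "ifasked", plus "never"); the certificate DNs, sizes, the 1500-byte MTU and the rule that "always" sends the first listed certificate are constructed assumptions.

```python
from dataclasses import dataclass

IPV4_UDP_HEADERS = 20 + 8       # IPv4 header without options + UDP header
CERT_PAYLOAD_OVERHEAD = 4 + 1   # ISAKMP generic payload header + cert encoding byte


@dataclass(frozen=True)
class LocalCert:
    subject: str
    issuer: str    # DN of the CA that signed this certificate
    der_len: int   # size of the DER encoding in bytes


def certs_to_send(policy, requested_cas, certs):
    """Pick certificates for the CERT payloads of our next IKE message.

    requested_cas holds the CA DNs from the peer's certificate requests,
    or None when the peer sent no certificate request at all.
    """
    if policy == "never" or not certs:
        return []
    if policy == "always":
        return [certs[0]]    # assumption: first entry is the configured cert
    if policy != "ifasked":
        raise ValueError(f"unknown sendcert policy: {policy!r}")
    if requested_cas is None:
        return []            # nobody asked, so nothing is sent
    wanted = {ca.strip().lower() for ca in requested_cas}
    # Comparing DNs as strings is a simplification made for this example.
    return [c for c in certs if c.issuer.strip().lower() in wanted]


def udp_datagram_fragments(base_len, sent, mtu=1500):
    """True if the IKE message plus CERT payloads exceeds one IPv4 packet."""
    ike_len = base_len + sum(c.der_len + CERT_PAYLOAD_OVERHEAD for c in sent)
    return ike_len + IPV4_UDP_HEADERS > mtu


# Constructed sample data: two local certificates issued by different CAs.
CERTS = [
    LocalCert("CN=gw.example.test", "CN=Example VPN CA", 1350),
    LocalCert("CN=gw.example.test", "CN=Partner CA", 1100),
]
BASE_LEN = 260   # constructed size of the IKE message without CERT payloads

if __name__ == "__main__":
    for policy, req in [("always", None), ("ifasked", None),
                        ("ifasked", ["cn=partner ca"])]:
        sent = certs_to_send(policy, req, CERTS)
        print(policy, req, [c.issuer for c in sent],
              udp_datagram_fragments(BASE_LEN, sent))
```
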