[Openswan Users] left/rightsendcert=always questions
Michael Richardson
mcr at sandelman.ottawa.on.ca
Fri May 14 15:47:15 CEST 2004
-----BEGIN PGP SIGNED MESSAGE-----
>>>>> "Nate" == Nate Carlson <natecars at natecarlson.com> writes:
Nate> How does the ifasked option work? If it's a case where anyone
Nate> can request the certificate (no authentication beforehand
Nate> required), I don't see how that'd be any more secure than just
Nate> sending it out to start with.
ifasked means send a certificate if there is a certificate request.
Specifically, send the certificate that has been signed with the CA that
the certificate request says.
Always sending the certificate causes UDP fragmentation issues.
Nate> Is there a to-do list somewhere detailing the things that need
Nate> to be documented? I'm sure some members of the community
Nate> wouldn't mind spending some time hashing them out. If I have
Nate> time I may even write some. :)
Look at the wiki.
- --
] ON HUMILITY: to err is human. To moo, bovine. | firewalls [
] Michael Richardson, Xelerance Corporation, Ottawa, ON |net architect[
] mcr at xelerance.com http://www.sandelman.ottawa.on.ca/mcr/ |device driver[
] panic("Just another Debian GNU/Linux using, kernel hacking, security guy"); [
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (GNU/Linux)
Comment: Finger me for keys
iQCVAwUBQKUUMYqHRg3pndX9AQHucwQAyDx1BFc8OzggZleS4dlckXjNzKlDwi76
sy7+GgItHR8oK1wfU01R1PjsM/gUiI/H2FWzBCgGBDgkFs1UoQjHjh9PvTEE6e0w
pdF7T8b8Egt/MR5agsEJJmHjfDoAqEwUBzmejrKPM/ISeOTQI5KzyAhF6OiIXDpp
Ea/HrBrGC18=
=axkO
-----END PGP SIGNATURE-----
More information about the Users
mailing list