[Openswan Users] left/rightsendcert=always questions
Nate Carlson
natecars at natecarlson.com
Fri May 14 14:54:26 CEST 2004
On Fri, 14 May 2004, Michael Richardson wrote:
> Nate> How does the ifasked option work? If it's a case where anyone
> Nate> can request the certificate (no authentication beforehand
> Nate> required), I don't see how that'd be any more secure than just
> Nate> sending it out to start with.
>
> ifasked means send a certificate if there is a certificate request.
>
> Specifically, send the certificate that has been signed with the CA that
> the certificate request says.
So what happens if you connect two machines that are both set to
sendcert=ifasked? Will one of them still ask for the certificate from the
other one, since you're doing certificate-based authentication? (Sorry,
not an IPSec protocol expert.)
> Always sending the certificate causes UDP fragmentation issues.
------------------------------------------------------------------------
| nate carlson | natecars at natecarlson.com | http://www.natecarlson.com |
| depriving some poor village of its idiot since 1981 |
------------------------------------------------------------------------