[Openswan Users] left/rightsendcert=always questions

Michael Richardson mcr at sandelman.ottawa.on.ca
Sun May 16 19:15:27 CEST 2004



>>>>> "Nate" == Nate Carlson <natecars at natecarlson.com> writes:
    Nate> So what happens if you connect two machines that are both set
    Nate> to sendcert=ifasked? Will one of them still ask for the
    Nate> certificate from the other one, since you're doing
    Nate> certificate-based authentication? (Sorry, not an IPSec protocol
    Nate> expert.)

  Both of them could very well put in one or more certificate
request payloads, and one should reply with a certificate if possible.
  Better controls on certificate-request payloads are forthcoming. Right
now, it occurs via {right,left}ca= . There is no way (that I know of) to
request a PGP certificate, or any certificate at this time.

- --
]       ON HUMILITY: to err is human. To moo, bovine.           |  firewalls  [
]   Michael Richardson,    Xelerance Corporation, Ottawa, ON    |net architect[
] mcr at xelerance.com      http://www.sandelman.ottawa.on.ca/mcr/ |device driver[
] panic("Just another Debian GNU/Linux using, kernel hacking, security guy"); [

 