[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: DPD & DPV Basics

To: Steve Hanna <steve.hanna@xxxxxxx>
Subject: Re: DPD & DPV Basics
From: Stephen Kent <kent@xxxxxxx>
Date: Tue, 16 Jan 2001 13:20:00 -0500
Cc: PKIX List <ietf-pkix@xxxxxxx>
In-reply-to: <>
References: <> <> <> <> <> <> <><>

Steve,

I'll weigh in on the IPsec scenario too.

I would expect the (IKE) client to send in the target cert and either explicit validation parameters, or a reference to a stored set. Checking the key usage could be done at the server or in the client. But I do expect the client to do the ID matching against the returned cert or cert contents. I would not want the the server to do this because it is application specific and we don't want to require servers to know about such things for every application that might make use of them.

Steve

Follow-Ups:
- Re: DPD & DPV Basics
  - From: Steve Hanna

References:
- RE: DPD & DPV Basics
  - From: Frank Balluffi
- Re: DPD & DPV Basics
  - From: Steve Hanna
- Re: DPD & DPV Basics
  - From: Stephen Kent
- Re: DPD & DPV Basics
  - From: Steve Hanna
- Re: DPD & DPV Basics
  - From: Stephen Kent
- Re: DPD & DPV Basics
  - From: Steve Hanna
- Re: DPD & DPV Basics
  - From: Paul Hoffman / IMC
- Re: DPD & DPV Basics
  - From: Steve Hanna

Prev by Date: Re: question to time stamp draft: case of error
Next by Date: Re: DPD & DPV Basics
Previous by thread: Re: DPD & DPV Basics
Next by thread: Re: DPD & DPV Basics
Index(es):
- Date
- Thread