Re: [IPsec] Issue #107

To: Tero Kivinen <kivinen at iki.fi>, David Wierbowski <wierbows at us.ibm.com>
Subject: Re: [IPsec] Issue #107
From: Paul Hoffman <paul.hoffman at vpnc.org>
Date: Mon, 11 May 2009 08:11:29 -0700
Cc: "ipsec at ietf.org" <ipsec at ietf.org>
Delivered-to: ipsec at core3.amsl.com
In-reply-to: <18952.13545.832275.598866 at fireball.kivinen.iki.fi>
List-archive: <http://www.ietf.org/mail-archive/web/ipsec>
List-help: <mailto:ipsec-request@ietf.org?subject=help>
List-id: Discussion of IPsec protocols <ipsec.ietf.org>
List-post: <mailto:ipsec@ietf.org>
List-subscribe: <https://www.ietf.org/mailman/listinfo/ipsec>, <mailto:ipsec-request@ietf.org?subject=subscribe>
List-unsubscribe: <https://www.ietf.org/mailman/listinfo/ipsec>, <mailto:ipsec-request@ietf.org?subject=unsubscribe>
References: <18952.6309.950313.942432 at fireball.kivinen.iki.fi> <OFBC935236.EF80D019-ON852575B3.004985AB-852575B3.004D0209 at us.ibm.com> <18952.13545.832275.598866 at fireball.kivinen.iki.fi>

At 5:23 PM +0300 5/11/09, Tero Kivinen wrote:
>I think it is quite obvious that you are not supposed to use multiple
>hash and url of X.509 bundle payloads, even when it is not
>specifically forbidden.

Fully disagree. We have no prohibition against this, and I can imagine corner cases where it would be useful. If we allow multiple CERT payloads, we cannot discourage particular contents in each payload.

--Paul Hoffman, Director
--VPN Consortium

References:
- [IPsec] Issue #107
  - From: Tero Kivinen
- Re: [IPsec] Issue #107
  - From: David Wierbowski
- Re: [IPsec] Issue #107
  - From: Tero Kivinen

Prev by Date: Re: [IPsec] IV in ESP packets for AES-CBC and AES-CTR methods
Next by Date: Re: [IPsec] IV in ESP packets for AES-CBC and AES-CTR methods
Previous by thread: Re: [IPsec] Issue #107
Next by thread: Re: [IPsec] Issue #107
Index(es):
- Date
- Thread

Re: [IPsec] Issue #107

Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.