50 likes | 143 Views
The Internet IP Security PKI Profile of ISAKMP and PKIX. draft-ietf-ipsec-pki-profile-03.txt Brian Korver <briank@xythos.com> Eric Rescorla <ekr@rtfm.com>. What is draft-ietf-ipsec-pki-profile-03.txt?. Provides a profile of ISAKMP and PKIX for use in IPsec
E N D
The Internet IP Security PKI Profile of ISAKMP and PKIX draft-ietf-ipsec-pki-profile-03.txt Brian Korver <briank@xythos.com> Eric Rescorla <ekr@rtfm.com>
What isdraft-ietf-ipsec-pki-profile-03.txt? • Provides a profile of ISAKMP and PKIX for use in IPsec • Complements specifications such as IKEv1 (and IKE v2) • “strawman” proposals
Examples of issues addressed in draft-ietf-ipsec-pki-profile-03.txt • When should an implementation send Certificates and/or CRLs? • What response should be given to an empty CERTREQ? • How must the ID payload be used for determining policy? • In which fields should particular types of identity information appear in certificates? • What formats should be used for out-of-band exchange of PKI-related information?
What’s new in -03? Not much: • Minor editorial changes to clean up language • Minor additional clarifying text • Removed hyphenation • Added requirement that implementations support configuration data exchange having arbitrary line lengths
Going forward to -04 • Add/remove text in accordance with whatever the group determines its scope should be • Incorporation of feedback (hint, hint)