Let me put my question in a simple form. Why are we trying to authenticate the other peer's public key along with their ID information using the digital signature signed by the CA?

What is the significance of the peer's public key after authentication?

With regards
Kings

On Mon, Jan 17, 2011 at 5:30 PM, Kingsley Charles <[email protected]> wrote:
> Hi all
>
> With digital certificate authentication between Party A and B trying to
> establish an IPSec connection, the private and public keys are used as
> follows:
>
> CA server Private Key - Used to encrypt the hash (signature) attached to
> the party's certificate.
> CA server Public key - The IPSec peer decrypts the hash using the CA public
> key which it got from the CA server's root cert.
> Party A Private Key - Party A encrypts the hash using its private key.
> Party B Public Key - The Party sends its public key to party B in the
> certificate. Party B uses the public key to decrypt the hash.
>
> Party B calculates the hash of the Party B certificate and compares it with
> the hash received. If the hash matches, authentication is successful.
>
> The same happens vice versa to authenticate Party A.
>
> Is my understanding of the private and public purpose correct?
>
> I have been working on this for a long time but am not able to get the exact
> picture.
>
> RFC 2409 is a very user friendly readable version :-)
>
>
> With regards
> Kings
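The two checks the question asks about, as an added example that is not part of the original thread: the CA signature only proves that a public key belongs to an ID, and the peer's own signature over the exchange hash (HASH_I / HASH_R in RFC 2409), verified with that key, proves the sender holds the matching private key. The textbook RSA with toy keys, the certificate layout and names such as `authenticate_peer` and `partyA.example` are assumptions made for illustration, and the hash inputs are constructed stand-ins.

```python
import hashlib
# Added illustration: toy textbook RSA (no padding), hypothetical names, constructed inputs.

def toy_keypair(p, q, e=65537):
    n = p * q
    return (n, e), (n, pow(e, -1, (p - 1) * (q - 1)))  # (public, private)

def _digest(data, n):
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign(priv, data):
    n, d = priv
    return pow(_digest(data, n), d, n)

def verify(pub, data, sig):
    n, e = pub
    return pow(sig, e, n) == _digest(data, n)

def _tbs(identity, pub):
    return f"{identity}|{pub[0]}|{pub[1]}".encode()  # the ID-to-key binding the CA signs

def make_cert(ca_priv, identity, pub):
    return {"id": identity, "pub": pub, "sig": sign(ca_priv, _tbs(identity, pub))}

def authenticate_peer(ca_pub, cert, exchange_hash, peer_sig):
    # Step 1: the CA signature proves this public key belongs to this ID.
    if not verify(ca_pub, _tbs(cert["id"], cert["pub"]), cert["sig"]):
        return False
    # Step 2: the now-trusted key checks the peer's signature over this exchange's
    # hash, proving the sender holds the matching private key right now.
    return verify(cert["pub"], exchange_hash, peer_sig)

def demo():
    M = lambda k: 2**k - 1  # Mersenne primes, used only to get fixed toy keys
    ca_pub, ca_priv = toy_keypair(M(107), M(127))
    a_pub, a_priv = toy_keypair(M(61), M(89))
    x_pub, x_priv = toy_keypair(M(521), M(607))  # some other party's key pair
    cert_a = make_cert(ca_priv, "partyA.example", a_pub)
    h1 = hashlib.sha256(b"constructed HASH_I stand-in, exchange 1").digest()
    h2 = hashlib.sha256(b"constructed HASH_I stand-in, exchange 2").digest()
    return {
        "genuine": authenticate_peer(ca_pub, cert_a, h1, sign(a_priv, h1)),
        "cert_without_key": authenticate_peer(ca_pub, cert_a, h1, sign(x_priv, h1)),
        "self_made_cert": authenticate_peer(
            ca_pub, make_cert(x_priv, "partyA.example", x_pub), h1, sign(x_priv, h1)),
        "old_signature": authenticate_peer(ca_pub, cert_a, h2, sign(a_priv, h1)),
    }

if __name__ == "__main__":
    print(demo())
```

Only the first case passes: a certificate is public data, so presenting it without the private key, presenting one the CA did not sign, or reusing a signature from another exchange all fail.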
