On Mon, 3 Apr 2017, Sahana Prasad wrote:
> I am Sahana Prasad, a Master's student at the Technical University of Munich,
> Germany.
> I'm working on the proposal idea "Add RFC-7427 Signature Authentication support to
> IKEv2".
> I have the following query:
> Towards the end of RFC-7427, there are 3 methods listed under the "Selecting
> the Public key algorithm" section in the RFC.
> Should the libreswan software be compliant with all these three methods?

All three methods could be appropriate.
The first method basically means, one would use:

conn rsa
    leftid=@MyRsaID
    rightid=@TheirRsaID
    leftcert=myrsacert
    [...]

conn ecc
    leftid=@MyEccID
    rightid=@TheirRsaID
    leftcert=myecccert
    [...]

The second method would use the same syntax but the responder
would have rightca=%any and two CAs installed (one with RSA
and one with ECC). The ID could be done as above, or it could
depend on leftid=%fromcert.
The third type is similar, as I would think keytype and CERTREQ
narrowing down the CA is more or less the same thing.
Paul
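
Added example, not part of the original message and not libreswan code: a sketch of the CERTREQ narrowing mentioned in the reply, where the peer's list of trusted CA key hashes decides whether the RSA or the ECC certificate is used. It assumes the RFC 7296 CERTREQ layout (one encoding octet followed by 20-octet SHA-1 hashes of CA SubjectPublicKeyInfo); the function names are hypothetical and the CA key bytes are constructed stand-ins, not real DER.

```python
import hashlib

X509_SIGNATURE = 4  # IKEv2 cert encoding "X.509 Certificate - Signature"
HASH_LEN = 20       # each CERTREQ entry is a SHA-1 hash of a CA's SPKI


def ca_key_id(spki_der):
    """SHA-1 of a CA's SubjectPublicKeyInfo, as listed in CERTREQ."""
    return hashlib.sha1(spki_der).digest()


def parse_certreq(body):
    """Split a CERTREQ payload body into the CA key hashes it lists."""
    if not body:
        raise ValueError("empty CERTREQ body")
    encoding, hashes = body[0], body[1:]
    if encoding != X509_SIGNATURE:
        return []  # other encodings give no CA hint this sketch can use
    if len(hashes) % HASH_LEN:
        raise ValueError("CA list is not a multiple of 20 octets")
    return [hashes[i:i + HASH_LEN] for i in range(0, len(hashes), HASH_LEN)]


def select_credential(certreq_body, local_creds):
    """Return (nickname, keytype) of the first local credential whose
    issuing CA the peer listed, or None so the caller can fall back to
    the per-connection configuration.

    local_creds: (nickname, keytype, issuer_ca_key_id) in preference order.
    """
    wanted = set(parse_certreq(certreq_body))
    for nickname, keytype, issuer in local_creds:
        if issuer in wanted:
            return nickname, keytype
    return None


# Constructed sample data: stand-in SPKI bytes, not real certificates.
RSA_CA = ca_key_id(b"constructed RSA CA SPKI")
ECC_CA = ca_key_id(b"constructed ECC CA SPKI")
LOCAL = [("myrsacert", "RSA", RSA_CA), ("myecccert", "ECDSA", ECC_CA)]

if __name__ == "__main__":
    peer_trusts_ecc_only = bytes([X509_SIGNATURE]) + ECC_CA
    print(select_credential(peer_trusts_ecc_only, LOCAL))
```

A peer that lists both CAs gets the first entry in the local preference order, which is where the configuration-based choice from the first method comes back in.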