[Swan-dev] GSoC : RFC-7427 : Selecting the Public Key algorithm

Paul Wouters paul at nohats.ca
Mon Apr 3 13:28:29 UTC 2017

On Mon, 3 Apr 2017, Sahana Prasad wrote:

> I am Sahana Prasad , a Master student in the Technical University of Munich , Germany.
> I'm working on the proposal idea "Add RFC-7427 Signature Authentication support to IKEv2"
> I have the following query : 
> Towards the end of the RFC -7427, there are 3 methods listed under the "Selecting the Public key algorithm"
> section in the RFC.
> Should the libreswan software be complaint to all these three methods?

All three methods could be appropriate.

The first method basically means, one would use:

conn rsa

conn ecc

The second method would use the same syntax but the responder
would have rightca=%any and two CA's installed (one with RSA
and one with ECC). The ID could be done as above, or it could
depend on leftid=%fromcert

The third type is similar, as I would think keytype and CERTREQ
narrowing down the CA is more or less the same thing.


More information about the Swan-dev mailing list