[Swan-dev] GSoC : RFC-7427 : Selecting the Public Key algorithm
Paul Wouters
paul at nohats.ca
Mon Apr 3 13:28:29 UTC 2017
On Mon, 3 Apr 2017, Sahana Prasad wrote:
> I am Sahana Prasad, a Master's student at the Technical University of Munich, Germany.
> I'm working on the proposal idea "Add RFC-7427 Signature Authentication support to IKEv2"
>
> I have the following query:
> Towards the end of RFC-7427, there are 3 methods listed under the "Selecting the Public key algorithm"
> section in the RFC.
> Should the libreswan software be compliant with all three of these methods?

All three methods could be appropriate.

The first method basically means, one would use:

conn rsa
    leftid=@MyRsaID
    rightid=@TheirRsaID
    leftcert=myrsacert
    [...]

conn ecc
    leftid=@MyEccID
    rightid=@TheirRsaID
    leftcert=myecccert
    [...]

The second method would use the same syntax but the responder
would have rightca=%any and two CAs installed (one with RSA
and one with ECC). The ID could be done as above, or it could
depend on leftid=%fromcert.

The third type is similar, as I would think keytype and CERTREQ
narrowing down the CA is more or less the same thing.

Paul
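
Added example, not part of the original message and not libreswan code: a sketch of the CERTREQ-based narrowing mentioned above, where the peer's CERTREQ (RFC 7296 section 3.7, a list of SHA-1 hashes of trusted CA public keys) decides whether the RSA or the ECC credential is used. The conn and cert names come from the message; the SPKI byte strings and all function names are constructed for illustration.

```python
import hashlib

X509_SIGNATURE = 4   # CERTREQ Cert Encoding: X.509 Certificate - Signature
SHA1_LEN = 20        # each CA entry is a SHA-1 of the CA's SubjectPublicKeyInfo


def ca_key_hash(ca_spki_der):
    """Hash a CA SubjectPublicKeyInfo the way CERTREQ carries it."""
    return hashlib.sha1(ca_spki_der).digest()


def parse_certreq(body):
    """Split a CERTREQ payload body (after the generic header) into CA hashes."""
    if not body or body[0] != X509_SIGNATURE:
        return []    # other certificate encodings are ignored in this sketch
    hashes = body[1:]
    if len(hashes) % SHA1_LEN:
        raise ValueError("CERTREQ CA field is not a multiple of 20 bytes")
    return [hashes[i:i + SHA1_LEN] for i in range(0, len(hashes), SHA1_LEN)]


def select_credential(certreq_body, credentials):
    """Return the first local credential issued by a CA the peer asked for.

    Local order is the tie-break when the peer trusts both CAs; None means
    no match, so the caller falls back to its static configuration.
    """
    wanted = set(parse_certreq(certreq_body))
    for cred in credentials:
        if cred["ca_hash"] in wanted:
            return cred
    return None


def build_certreq(*ca_spkis):
    """Build a CERTREQ body for the constructed test data below."""
    return bytes([X509_SIGNATURE]) + b"".join(ca_key_hash(s) for s in ca_spkis)


# Constructed placeholders standing in for the DER SPKI of each installed CA.
RSA_CA_SPKI = b"constructed-rsa-ca-spki"
ECC_CA_SPKI = b"constructed-ecc-ca-spki"

CREDENTIALS = [
    {"conn": "rsa", "leftcert": "myrsacert", "ca_hash": ca_key_hash(RSA_CA_SPKI)},
    {"conn": "ecc", "leftcert": "myecccert", "ca_hash": ca_key_hash(ECC_CA_SPKI)},
]

if __name__ == "__main__":
    chosen = select_credential(build_certreq(ECC_CA_SPKI), CREDENTIALS)
    print(chosen["conn"] if chosen else "no match")
```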