W3C home > Mailing lists > Public > www-xkms@w3.org > November 2005

Re: Determinig Server o Client use in XKMS

From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
Date: Tue, 22 Nov 2005 08:29:28 +0000
Message-ID: <4382D6E8.2070104@cs.tcd.ie>
To: "Vicente D. Guardiola Buitrago" <vicentedavid81@yahoo.es>
CC: www-xkms@w3.org


I guess you could either define a new UseKeyWith for a VPN g/w
(is this really for tunnel mode g/w? there aren't really any
clients/servers for IPsec are there.)

Or, just configure different service URLs the responder, so
that requests to one use profile A, whereas requests to the
other use profile B.

2nd one should be easier I guess, so long as the same entity
isn't playing both IPsec "roles" at different times.
S.


Vicente D. Guardiola Buitrago wrote:
> 
> Hello,
> 
> I'm implementing a XKMS Server and I've a doubt.
> 
> My underlying PKI is based on X.509 Certificate, and the problem raises 
> when I have to check the KeyUsage and UseKeyWith for the requested Key 
> binding in the found certificates. For instance, let be a Request with a 
> UseKeyWith for IPSEC with IP A.B.C.D  and KeyUsage Signature and 
> Excryption. This is a typical request, but in X.509 Certificate I need 
> to know if the certificate is going to be used in a Client or a Server, 
> because the necessary extensions are different in either situation.
> 
> Then, the question is, how can I determine if a request is for a Client 
> or a Server?
> 
> Thanks,
> 
> Vicente Guardiola
> University of Murcia (Spain)
> 
>        
> ______________________________________________ Renovamos el Correo 
> Yahoo! Nuevos servicios, más seguridad http://correo.yahoo.es
> 
> 
> 
Received on Tuesday, 22 November 2005 08:30:32 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 20:31:44 UTC