OCSP Extension for IKEv2

A new RFC was recently published that allows OCSP to be supported in IKEv2. Here is an extract from the abstract of http://tools.ietf.org/rfc/rfc4806.txt:

While the Internet Key Exchange Protocol version 2 (IKEv2) supports public key based authentication, the corresponding use of in-band Certificate Revocation Lists (CRL) is problematic due to unbounded CRL size.  The size of an Online Certificate Status Protocol (OCSP) response is however well-bounded and small.  This document defines the “OCSP Content” extension to IKEv2.
