Re: two CA certificates for IPSec or something...
From: Ondrej Sevecek (ondra)
Date: 09/18/05
- Previous message: Ray: "Certificate Service"
- In reply to: Brian Komar [MVP]: "Re: two CA certificates for IPSec or something..."
- Next in thread: Steven L Umbach: "Re: two CA certificates for IPSec or something..."
- Reply: Steven L Umbach: "Re: two CA certificates for IPSec or something..."
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Sun, 18 Sep 2005 10:57:15 +0200
I cannot imagine one. I would like the isolation to occure on another bases
than IP, so I think, the authentication is the only solution.
Installation of subordinate CA would require strict security on the machine,
so we probably will install standalone subordinate on a separate server that
will be used to only this purpose.
O.
"Brian Komar [MVP]" <bkomar@nospam.identit.ca> wrote in message
news:MPG.1d964a45fbd29c0d989698@msnews.microsoft.com...
> In article <e5oRO35uFHA.1560@TK2MSFTNGP09.phx.gbl>, "Ondrej Sevecek"
> <ondra at my_surname dot com> says...
>> > You could use two certificate templates to accomplish this, but if you
>> > are applying different IPSec filters, the authentication can only
>> > indicate *which* root CA the chain is rooted.
>>
>> .... and when I would use two templates, how to distinguish them in the
>> filter rules?
>>
>>
>> O.
>>
>>
>>
>>
> This is the issue, the certificate templates would still chain to CAs
> that chain to the same root.
> Is there any other criteria that you could use, other than the
> authentication to isolate?
> Brian
- Previous message: Ray: "Certificate Service"
- In reply to: Brian Komar [MVP]: "Re: two CA certificates for IPSec or something..."
- Next in thread: Steven L Umbach: "Re: two CA certificates for IPSec or something..."
- Reply: Steven L Umbach: "Re: two CA certificates for IPSec or something..."
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
