SunScreen SKIP User's Guide, Release 1.1

What Are the Operation Requirements of CDP?

To work, the hosts on both sides of a communication must support CDP and both users must agree to use it.


Caution -

SunScreen SPF-100 does not support certificate discovery, so you cannot use CDP to communicate between a machine that is running SunScreen SKIP and a SunScreen SPF-100.


If both hosts can use CDP and both users agree to it, then the users merely exchange certificate identifiers and allow CDP to do the work instead of exchanging their public keys. This is a simpler solution than manually exchanging certificates.

For example, with X.509 certificates, if your certificate number is "0a000100" and another user's public certificate number (master key identifier) is "0a000102," you exchange these numbers and each of you enters the other's number into your own ACL when you set up access to the other user's host.

You can do the same for UDH certificates, namely, by exchanging hash values.

Then, when communication between the two hosts is attempted, even though your SunScreen SKIP program does not have the peer's certificate in its certificate database, your host can request that the certificate be sent automatically from the other host and store it in its own certificate database, because it already knows the certificate's master key ID.
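The sequence described above (identifiers exchanged out of band and entered into the ACL, then the certificate fetched automatically on first contact) can be simulated in a few lines. The following Python program is an added illustration, not code from SunScreen SKIP or the SKIP documentation; it assumes a certificate is just a public value, that its identifier is a hash of that value (as for a UDH certificate; an X.509 master key ID would be checked against the CA signature instead, which is not modelled), and that the peer is reached by a direct method call rather than over the network. It also shows the two checks a host should make: the peer must actually support CDP, and a delivered certificate is stored only if it hashes to exactly the identifier the user entered.

```python
"""Simulation of SKIP-style certificate discovery (CDP).

Added illustration only; not code from SunScreen SKIP. Assumptions: a
certificate carries only a public value, its identifier is a hash of that
value (like a UDH certificate hash), and peers are called directly.
"""
import hashlib
from typing import Dict, Optional


class Certificate:
    """Minimal certificate: just the public value it carries."""

    def __init__(self, public_value: bytes) -> None:
        self.public_value = public_value

    def identifier(self) -> str:
        # Identifier bound to the certificate content by hashing it; this is
        # the value the users exchange. SHA-256 truncated to 16 hex digits
        # is an assumption made for readability, not what SKIP uses.
        return hashlib.sha256(self.public_value).hexdigest()[:16]


class Host:
    """A host with a certificate database and an ACL keyed by identifier."""

    def __init__(self, name: str, cert: Certificate, supports_cdp: bool = True) -> None:
        self.name = name
        self.supports_cdp = supports_cdp
        self.cert_db: Dict[str, Certificate] = {cert.identifier(): cert}
        self.acl: Dict[str, str] = {}  # peer identifier -> peer host name

    def own_identifier(self) -> str:
        return next(iter(self.cert_db))

    def add_acl_entry(self, peer_name: str, peer_id: str) -> None:
        """The manual step: enter the identifier the other user gave you."""
        self.acl[peer_id] = peer_name

    def serve_certificate(self, requested_id: str) -> Optional[Certificate]:
        """Answer a discovery request; a host without CDP answers nothing."""
        if not self.supports_cdp:
            return None
        return self.cert_db.get(requested_id)

    def obtain_peer_certificate(self, peer: "Host", peer_id: str) -> Certificate:
        """Return the peer's certificate, fetching it via CDP if not cached."""
        if peer_id not in self.acl:
            raise PermissionError(f"{self.name}: {peer_id} is not in the ACL")
        cached = self.cert_db.get(peer_id)
        if cached is not None:
            return cached
        if not self.supports_cdp:
            raise RuntimeError(f"{self.name}: no CDP; install the certificate manually")
        received = peer.serve_certificate(peer_id)
        if received is None:
            raise RuntimeError(f"{peer.name} did not supply certificate {peer_id}")
        # The identifier entered by the user is the trust anchor: accept the
        # certificate only if its content hashes to exactly that identifier.
        if received.identifier() != peer_id:
            raise ValueError(f"{self.name}: certificate from {peer.name} does not match {peer_id}")
        self.cert_db[peer_id] = received
        return received


def demo_exchange() -> dict:
    """Two hosts exchange identifiers, then the certificate is discovered."""
    alice = Host("alice", Certificate(b"alice-public-value"))  # constructed
    bob = Host("bob", Certificate(b"bob-public-value"))        # constructed
    alice.add_acl_entry("bob", bob.own_identifier())
    bob.add_acl_entry("alice", alice.own_identifier())
    before = bob.own_identifier() in alice.cert_db
    cert = alice.obtain_peer_certificate(bob, bob.own_identifier())
    after = bob.own_identifier() in alice.cert_db
    return {"before": before, "after": after,
            "matches": cert.identifier() == bob.own_identifier()}


def demo_substituted_certificate() -> bool:
    """A host that answers with a different certificate is rejected."""
    alice = Host("alice", Certificate(b"alice-public-value"))
    bob = Host("bob", Certificate(b"bob-public-value"))
    alice.add_acl_entry("bob", bob.own_identifier())
    other = Host("other", Certificate(b"other-public-value"))
    other.cert_db[bob.own_identifier()] = Certificate(b"other-public-value")
    try:
        alice.obtain_peer_certificate(other, bob.own_identifier())
    except ValueError:
        return bob.own_identifier() not in alice.cert_db
    return False


def demo_peer_without_cdp() -> bool:
    """A peer that does not support CDP (like the SPF-100) cannot be discovered."""
    alice = Host("alice", Certificate(b"alice-public-value"))
    legacy = Host("legacy", Certificate(b"legacy-public-value"), supports_cdp=False)
    alice.add_acl_entry("legacy", legacy.own_identifier())
    try:
        alice.obtain_peer_certificate(legacy, legacy.own_identifier())
    except RuntimeError:
        return True
    return False


if __name__ == "__main__":
    print(demo_exchange(), demo_substituted_certificate(), demo_peer_without_cdp())
```

The point of `obtain_peer_certificate` is that discovery does not weaken the trust decision: the user still decides whom to trust by entering an identifier, and CDP only saves the copying of the certificate itself, which is checked against that identifier before it enters the database.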