[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: IPSEC WORKING GROUP LAST CALL
>>>>> "Ben" == Ben Rogers <ben@Ascend.COM> writes:
>> This decision has also had an impact on the design. Because PK is so
>> slow this has also contributed to the use of the SA construct instead
>> of other methods which could more closely match how IP routing really
>> works. It makes the management of trust more difficult, for example
>> deleting untrustworthy hosts in a timely manner.
Ben> Note that this can be sidestepped by using pre-shared keys in
Ben> ISAKMP. Depending on your security needs, this may be an entirely
Or, by using other means of getting a symmetric key to each end, such
as by using a Kerberos 4, 5 or NT5.0 KDC.
:!mcr!: | Sandelman Software Works Corporation, Ottawa, ON
Michael Richardson |Network and security consulting and contract programming
Personal: <A HREF="http://www.sandelman.ottawa.on.ca/People/Michael_Richardson/Bio.html">mcr@sandelman.ottawa.on.ca</A>. PGP key available.
Corporate: <A HREF="http://www.sandelman.ottawa.on.ca/SSW/">sales@sandelman.ottawa.on.ca</A>.
Follow-Ups:
References: