[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: IPSEC WORKING GROUP LAST CALL




>>>>> "Ben" == Ben Rogers <ben@Ascend.COM> writes:
    >> This decision has also had an impact on the design.  Because PK is so
    >> slow this has also contributed to the use of the SA construct instead
    >> of other methods which could more closely match how IP routing really
    >> works.  It makes the management of trust more difficult, for example
    >> deleting untrustworthy hosts in a timely manner.

    Ben> Note that this can be sidestepped by using pre-shared keys in
    Ben> ISAKMP.  Depending on your security needs, this may be an entirely

  Or, by using other means of getting a symmetric key to each end, such
as by using a Kerberos 4, 5 or NT5.0 KDC.

   :!mcr!:            |  Sandelman Software Works Corporation, Ottawa, ON  
   Michael Richardson |Network and security consulting and contract programming
 Personal: <A HREF="http://www.sandelman.ottawa.on.ca/People/Michael_Richardson/Bio.html">mcr@sandelman.ottawa.on.ca</A>. PGP key available.
 Corporate: <A HREF="http://www.sandelman.ottawa.on.ca/SSW/">sales@sandelman.ottawa.on.ca</A>. 




Follow-Ups: References: