[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: Comments on CRACK
Perhaps, although some have argued that this would be redundant. Admins
would have to maintain 2 databases (SS+RADIUS).
If we do feel that adding this restriction adds security, then shouldn't IKE
do the same?
Stephane.
> -----Original Message-----
> From: Moshe Litvin [mailto:moshe@checkpoint.com]
> Sent: Tuesday, October 26, 1999 12:36 PM
> To: Stephane Beaulieu
> Cc: Dan Harkins; ipsec@lists.tislabs.com; ietf-ipsra@vpnc.org
> Subject: Re: Comments on CRACK
>
>
> Stephane Beaulieu wrote:
>
> <snip>
>
> > However, I would like to hear everyone else's
> > opinion on this. Should the use of pre-shared keys be
> restricted in XAUTH
> > (or whatever other protocol) because it encourages the use of weak
> > pre-shared keys?
> >
> > If there is concensus, pre-shared keys can be removed from
> XAUTH. I don't
> > think that we have concensus at this point.
>
> Maybe we can reach a consensus by forbidding group pre-shared keys?
>
> Moshe
>
Follow-Ups: