
Re: Reliable delete notifies



  Whatever method you used to hack out a solution using pre-shared keys
could be used to hack out a solution using, say, RSA encrypt mode of
authentication. You just distribute public keys instead of pre-shared
keys. They both scale poorly but you can apparently deal with that in
your production environment.

  Dan.

On Mon, 09 Oct 2000 20:59:50 EDT you wrote
> At 11:10 PM 10/8/2000 -0400, you wrote:
> 
> >I would in fact argue for removal of preshared-key authentication; it was
> >useful for debugging or for very simple setups, but the protocol complexity
> >introduced both directly (because of the need to support 2 or 3 auth methods)
> >and indirectly (encourages addition of other authentication mechanisms) is
> >simply not worth it.
> 
> I'm not sure that it matters much here, but we need IPSec solutions, and
> are using them now.  Without the ability to use preshared keys, we would not
> have been able to hack out the solutions we currently have in a production
> environment.
> Tom
> >
> >Ways to retrieve certificates (or have temporary certificates issued, after
> >using XYZ authentication) are known, simple, and well-understood.
> >-Angelos
> > 

