[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Reliable delete notifies
Ben McCann writes:
> Correct. As Jan Vilhuber so eloquently pointed out, our customers
> want remote access IPSEC VPN's without the hassle of deploying
> a PKI. Aggressive mode provides a viable (IMHO) solution for
> remote access with identities other than IP addresses using
> pre-shared keys for authentication.
>
> Other options for remote access without _requiring_ certs are:
>
> - XAUTH with a group pre-shared key.
>
> - XAUTH with Hybrid Auth.
>
> - IPSRA temporary certificates.
I'm far from up to speed on all of these protocols, but
it seems that there is a potential wildcard
here which is to use KINK as a scalable vehicle to
key IPsec sessions using secret keys. People
may want to read:
draft-ietf-kink-kink-00.txt
Mike
References: