[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Reliable delete notifies

To: Ben McCann <bmccann@indusriver.com>
Subject: Re: Reliable delete notifies
From: Michael Thomas <mat@cisco.com>
Date: Mon, 9 Oct 2000 09:26:43 -0700 (PDT)
Cc: sommerfeld@East.Sun.COM, ipsec <ipsec@lists.tislabs.com>
In-Reply-To: <39E1E079.F130108D@indusriver.com>
References: <200010091454.e99EsAl135935@thunk.east.sun.com><39E1E079.F130108D@indusriver.com>
Sender: owner-ipsec@lists.tislabs.com

Ben McCann writes:
 > Correct. As Jan Vilhuber so eloquently pointed out, our customers
 > want remote access IPSEC VPN's without the hassle of deploying
 > a PKI. Aggressive mode provides a viable (IMHO) solution for
 > remote access with identities other than IP addresses using
 > pre-shared keys for authentication.
 > 
 > Other options for remote access without _requiring_ certs are:
 > 
 > - XAUTH with a group pre-shared key.
 > 
 > - XAUTH with Hybrid Auth.
 > 
 > - IPSRA temporary certificates.

   I'm far from up to speed on all of these protocols, but
   it seems that there is a potential wildcard
   here which is to use KINK as a scalable vehicle to 
   key IPsec sessions using secret keys. People
   may want to read:

   draft-ietf-kink-kink-00.txt

		Mike

References:

Re: Reliable delete notifies

From: Bill Sommerfeld <sommerfeld@East.Sun.COM>

Re: Reliable delete notifies

From: Ben McCann <bmccann@indusriver.com>

Prev by Date: Re: Reliable delete notifies
Next by Date: Re: Reliable delete notifies
Prev by thread: Re: Reliable delete notifies
Next by thread: Re: Reliable delete notifies
Index(es):
- Main
- Thread