Re: Reliable delete notifies
>>>>> "Angelos" == Angelos D Keromytis <angelos@dsl.cis.upenn.edu> writes:
Angelos> I would in fact argue for removal of preshared-key
Angelos> authentication; it was useful for debugging or for very simple
Angelos> setups, but the protocol complexity introduced both directly
Angelos> (because of the need to support 2 or 3 auth methods) and
Angelos> indirectly (encourages addition of other authentication
Angelos> mechanisms) are simply not worth it.
I would agree to this on one condition only:
That the spec lists a simple, well known format (i.e. PKCS10) by which
self-signed certificates can be loaded into the trusted store, and by which
they will be produced. That implementations *MUST* support this.
Debugging a CA system as well as IKE is simply a non-starter.
:!mcr!: | Solidum Systems Corporation, http://www.solidum.com
Michael Richardson |For a better connected world,where data flows faster<tm>
Personal: http://www.sandelman.ottawa.on.ca/People/Michael_Richardson/Bio.html
mailto:mcr@sandelman.ottawa.on.ca mailto:mcr@solidum.com