[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Reliable delete notifies

To: "Angelos D. Keromytis" <angelos@dsl.cis.upenn.edu>
Subject: Re: Reliable delete notifies
From: "Derrell D. Piper" <ddp@cips.nokia.COM>
Date: Wed, 11 Oct 2000 02:11:54 -0700
cc: "Thomas Porter, Ph.D." <tporter@dtool.com>, ipsec@lists.tislabs.com
In-Reply-To: Message from "Angelos D. Keromytis" <angelos@dsl.cis.upenn.edu> of "Mon, 09 Oct 2000 16:09:57 EDT." <200010092010.e99K9v701326@adk.gr>
Sender: owner-ipsec@lists.tislabs.com

 > There's no reason why you can't use public keys and certificates; they
 > have a higher initial setup overhead, but that more than pays off over
 > time in management ease.
 > -Angelos

I feel compelled to echo what Jan has already said.  For whatever reason, many
of our customers are extremely reluctant to use PKI-based authentication.  We
even have a built-in CA in our product and probably 30% of our customers still
prefer to use pre-shared keys for site-to-site authentication.  Beat's me why,
but they do.

I wasn't able to attend the last bake-off, but from what I heard and read from
folks who attended, I don't sense that we're at the level of interoperability
between PKI-enabled IPSec implementations that we need to be at before we can
remove pre-shared keys from the standard.

Derrell

Follow-Ups:

Re: Reliable delete notifies

From: "Angelos D. Keromytis" <angelos@dsl.cis.upenn.edu>

Prev by Date: ike and secure DNS
Next by Date: Re: Reliable delete notifies
Prev by thread: RE: Reliable delete notifies
Next by thread: Re: Reliable delete notifies
Index(es):
- Main
- Thread