[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Reliable delete notifies
> There's no reason why you can't use public keys and certificates; they
> have a higher initial setup overhead, but that more than pays off over
> time in management ease.
> -Angelos
I feel compelled to echo what Jan has already said. For whatever reason, many
of our customers are extremely reluctant to use PKI-based authentication. We
even have a built-in CA in our product and probably 30% of our customers still
prefer to use pre-shared keys for site-to-site authentication. Beat's me why,
but they do.
I wasn't able to attend the last bake-off, but from what I heard and read from
folks who attended, I don't sense that we're at the level of interoperability
between PKI-enabled IPSec implementations that we need to be at before we can
remove pre-shared keys from the standard.
Derrell
Follow-Ups: