[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: charter question re IKE changes



At 9:35 AM -0700 10/13/00, Dan Harkins wrote:
>   The lack of people implementing good products should not be a
>motivating factor in developing standards. If we all agree on
>how it *could* work then let's promote that.

Of course. We should continue to promote certs and explain the 
security problems of preshared secrets. No one has said otherwise. 
The question is should we continue to allow the *use* of preshared 
secrets.

>   I think the market will follow a good solution.

So far, that has not been shown true in the IPsec market. The 
proposal to remove preshared secrets from son-of-IKE was made as a 
way to *force* people towards the better solution. Given that IKE 
will exist forever, it is unclear to me that removing preshared 
secrets from son-of-IKE will do anything to convince the users of 
preshared secrets to switch.

--Paul Hoffman, Director
--VPN Consortium


Follow-Ups: References: