[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: charter question re IKE changes
At 9:35 AM -0700 10/13/00, Dan Harkins wrote:
> The lack of people implementing good products should not be a
>motivating factor in developing standards. If we all agree on
>how it *could* work then let's promote that.
Of course. We should continue to promote certs and explain the
security problems of preshared secrets. No one has said otherwise.
The question is should we continue to allow the *use* of preshared
secrets.
> I think the market will follow a good solution.
So far, that has not been shown true in the IPsec market. The
proposal to remove preshared secrets from son-of-IKE was made as a
way to *force* people towards the better solution. Given that IKE
will exist forever, it is unclear to me that removing preshared
secrets from son-of-IKE will do anything to convince the users of
preshared secrets to switch.
--Paul Hoffman, Director
--VPN Consortium
Follow-Ups:
References: