[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: charter question re IKE changes



It is always the customers choice to develop their security model based on
their threat model. To impose a solution, sometimes makes a customer more
nervous.

My two cents.

Scott

> -----Original Message-----
> From: owner-ipsec@lists.tislabs.com
> [mailto:owner-ipsec@lists.tislabs.com]On Behalf Of Paul Hoffman / VPNC
> Sent: Friday, October 13, 2000 2:53 PM
> To: ipsec@lists.tislabs.com
> Subject: Re: charter question re IKE changes
>
>
> At 9:35 AM -0700 10/13/00, Dan Harkins wrote:
> >   The lack of people implementing good products should not be a
> >motivating factor in developing standards. If we all agree on
> >how it *could* work then let's promote that.
>
> Of course. We should continue to promote certs and explain the
> security problems of preshared secrets. No one has said otherwise.
> The question is should we continue to allow the *use* of preshared
> secrets.
>
> >   I think the market will follow a good solution.
>
> So far, that has not been shown true in the IPsec market. The
> proposal to remove preshared secrets from son-of-IKE was made as a
> way to *force* people towards the better solution. Given that IKE
> will exist forever, it is unclear to me that removing preshared
> secrets from son-of-IKE will do anything to convince the users of
> preshared secrets to switch.
>
> --Paul Hoffman, Director
> --VPN Consortium
>



Follow-Ups: References: