RE: charter question re IKE changes

["Chinna N.R. Pellacuru" <pcn@cisco.com>]

I agree with Scott. I think that there should be multiple security models
to address the different requirements.

A common scenario these days in the silicon valley: a corporation got
acquired by another, and the network administrators are tasked with
connecting the two intranets ASAP. Pre-shared keys can be used to setup a
tunnel quickly (or the public keys can be manually exchanged). If this
tunnel over the Internet was only a temporary setup, until a leased line
was available, or if there were only a couple of sites to be connected, I
guess seting up a PKI would not be worth while.

I don't think mandating PKI always, is good. People will come up with
proprietary solutions that don't need PKI, to address customer needs.

I use both emacs and vi based on what I am doing and the system
capabilities, and sometimes notepad is the only option available, to get
the job done.

    chinna

On Mon, 16 Oct 2000, Stephen Kent wrote:

> Scott,
> 
> >It is always the customers choice to develop their security model based on
> >their threat model. To impose a solution, sometimes makes a customer more
> >nervous.
> 
> If only this were true I'd be more comfortable.  I almost never find 
> a customer who has a written description of a threat model, and most 
> can't even correctly define "threat."
> 
> Steve
> 

chinna narasimha reddy pellacuru
s/w engineer

---

Follow-Ups:

• Re: charter question re IKE changes
• From: Michael Richardson <mcr@research.solidum.com>
• RE: charter question re IKE changes
• From: Henry Spencer <henry@spsystems.net>

References:

• RE: charter question re IKE changes
• From: Stephen Kent <kent@bbn.com>

---

• Prev by Date: Re: Getting focus for son-of-IKE
• Next by Date: Re: Getting focus for son-of-IKE
• Prev by thread: RE: charter question re IKE changes
• Next by thread: Re: charter question re IKE changes
• Index(es):
  • Main
  • Thread