[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: charter question re IKE changes

To: "Angelos D. Keromytis" <angelos@dsl.cis.upenn.edu>
Subject: Re: charter question re IKE changes
From: "Chinna N.R. Pellacuru" <pcn@cisco.com>
Date: Tue, 17 Oct 2000 17:38:13 -0700 (PDT)
cc: Michael Richardson <mcr@research.solidum.com>, ipsec@lists.tislabs.com
In-Reply-To: <200010180027.e9I0Rrv25750@nyarlathotep.cis.upenn.edu>
Sender: owner-ipsec@lists.tislabs.com

My point is that, a security model based on self-signed certificates is
completely different than a model based on CA. You can't compare them as
if they provide the same benefits, and as if they meet the same
requirements.

    chinna

On Tue, 17 Oct 2000, Angelos D. Keromytis wrote:

> 
> In message <Pine.GSO.4.10.10010162139050.16768-100000@zipper.cisco.com>, "Chinn
> a N.R. Pellacuru" writes:
> >Traffic can be sent in the clear "with *less* hassle" then trying to
> >secure it.
> 

> It's even easier not to send any traffic. The point is, we want (for
> whatever reason) to send traffic securely. A certificate-based
> configuration is in fact easier (at least on the free IPsec
> implementations -- OpenBSD, Linux, KAME) than pre-shared keys.
>
 
> The commercial vendors should get their act together.
> -Angelos
> 
> 

chinna narasimha reddy pellacuru
s/w engineer

Follow-Ups:

Re: charter question re IKE changes

From: Henry Spencer <henry@spsystems.net>

References:

Re: charter question re IKE changes

From: "Angelos D. Keromytis" <angelos@dsl.cis.upenn.edu>

Prev by Date: Re: charter question re IKE changes
Next by Date: Re: charter question re IKE changes
Prev by thread: Re: charter question re IKE changes
Next by thread: Re: charter question re IKE changes
Index(es):
- Main
- Thread