[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: charter question re IKE changes
Michael Richardson wrote:
> If son-of-IKE mandates support for self-signed certificates, then one does
> not need to depend on the quality of the CA products to use public key
> authentication.
>
> The origin of the desire to keep pre-shared keys is due to "poorly designed
> CA products" --- really more to do with business models of certain public
> key libraries.
What's the point of removing a feature that:
- is the most interoperable authentication mode in existance
- makes possible the smallest memory footprint implementation possible
- is the most resistant to DoS attacks
???
Yes, it's not really usable in large scale, but that's beside the point.
Ari
--
Ari Huttunen phone: +358 9 859 900
Senior Software Engineer fax : +358 9 8599 0452
F-Secure Corporation http://www.F-Secure.com
F-Secure products: Integrated Solutions for Enterprise Security
References: