[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: charter question re IKE changes

To: Michael Richardson <mcr@solidum.com>
Subject: Re: charter question re IKE changes
From: Ari Huttunen <Ari.Huttunen@F-Secure.com>
Date: Sun, 22 Oct 2000 02:42:32 +0300
CC: "Chinna N.R. Pellacuru" <pcn@cisco.com>, ipsec@lists.tislabs.com
Organization: F-Secure Corporation
References: <200010181718.NAA22222@solidum.com>
Sender: owner-ipsec@lists.tislabs.com

Michael Richardson wrote:
>   If son-of-IKE mandates support for self-signed certificates, then one does
> not need to depend on the quality of the CA products to use public key
> authentication.
> 
>   The origin of the desire to keep pre-shared keys is due to "poorly designed
> CA products" --- really more to do with business models of certain public
> key libraries.

What's the point of removing a feature that:
- is the most interoperable authentication mode in existance
- makes possible the smallest memory footprint implementation possible
- is the most resistant to DoS attacks
???

Yes, it's not really usable in large scale, but that's beside the point.

Ari

-- 
Ari Huttunen                   phone: +358 9 859 900
Senior Software Engineer       fax  : +358 9 8599 0452

F-Secure Corporation       http://www.F-Secure.com 

F-Secure products: Integrated Solutions for Enterprise Security

References:

Re: charter question re IKE changes

From: Michael Richardson <mcr@solidum.com>

Prev by Date: Re: Getting focus for son-of-IKE
Next by Date: Safety of pre-shared keys? (Re: Reliable delete notifies)
Prev by thread: Re: charter question re IKE changes
Next by thread: Re: charter question re IKE changes
Index(es):
- Main
- Thread