[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: Position statement on IKE development

To: "'sommerfeld@east.sun.com'" <sommerfeld@East.Sun.COM>
Subject: RE: Position statement on IKE development
From: "Horn, Mike" <mhorn@virtela.net>
Date: Tue, 7 Aug 2001 10:06:49 -0600
Cc: "'Theodore Tso'" <tytso@mit.edu>, Andrew Krywaniuk<andrew.krywaniuk@alcatel.com>, "'Alex Alten'" <Alten@home.com>, "'Marcus Leech'" <mleech@nortelnetworks.com>, ipsec@lists.tislabs.com, ietf-ipsra@vpnc.org
Sender: owner-ipsec@lists.tislabs.com

Having everyone eventually migrate to certificates would be nice from a
theoretical viewpoint, but the reality is that there are VPN customers who
will _never_ move to a certificate based infrastructure.  As a VPN service
provider, we see plenty of small customers who simply want their VPN
authentication proxied to their existing RADIUS/NT/etc server(s).  This is
why it's critical to have a long term user authentication mechanism for
IPsec.

Mike Horn

 > -----Original Message-----
 > From: Bill Sommerfeld [mailto:sommerfeld@east.sun.com]
 > Sent: Monday, August 06, 2001 6:41 PM
 > To: Horn, Mike
 > Cc: 'Theodore Tso'; Andrew Krywaniuk; 'Alex Alten'; 'Marcus Leech';
 > ipsec@lists.tislabs.com; ietf-ipsra@vpnc.org
 > Subject: Re: Position statement on IKE development 
 > 
 > 
 > > One of the reasons various user authentication schemes have not been
 > > considered (CRACK for instance) is the moratorium on changes to IKE.
 > > Unfortunately the IPSRA WG is very dependent on IKE.  
 > 
 > The IPSRA WG is not at all dependant on IKE; it's really all about
 > protocols to turn legacy authentication into certificates..
 > 
 > 					- Bill
 >

Prev by Date: RE: IKE must have no Heirs
Next by Date: Re: Wes Hardaker: opportunistic encryption deployment problems
Prev by thread: Re: Position statement on IKE development
Next by thread: Re: Position statement on IKE development
Index(es):
- Main
- Thread