[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: SOI: identity protection and DOS

To: IP Security List <ipsec@lists.tislabs.com>
Subject: Re: SOI: identity protection and DOS
From: Henry Spencer <henry@spsystems.net>
Date: Mon, 26 Nov 2001 15:28:29 -0500 (EST)
In-Reply-To: <p0510100cb8283edaf5fa@[165.227.249.20]>
Sender: owner-ipsec@lists.tislabs.com

On Mon, 26 Nov 2001, Paul Hoffman / VPNC wrote:
> Positive traits of IKEv1 pre-shared keys:
> a) easy for each party to set up
> b) not susceptible to CRL time lag or CA key compromise
> c) fewer exponentiations on each side for IPsec key setup

You forgot:

bb) no supporting CA/CRL infrastructure required

One might consider that to fall under (a), but I think it's important
enough to merit separate comment.  In simple situations or for small
specialized implementations, minimizing the weight of infrastructure can
be a significant advantage even when the setup effort would be considered
acceptable. 

                                                          Henry Spencer
                                                       henry@spsystems.net

References:

Re: SOI: identity protection and DOS

From: Paul Hoffman / VPNC <paul.hoffman@vpnc.org>

Prev by Date: Re: SOI: identity protection and DOS
Next by Date: Re: SOI: identity protection and DOS
Prev by thread: Re: SOI: identity protection and DOS
Next by thread: RE: SOI: identity protection and DOS
Index(es):
- Main
- Thread