[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: SOI: identity protection and DOS
On Mon, 26 Nov 2001, Paul Hoffman / VPNC wrote:
> Positive traits of IKEv1 pre-shared keys:
> a) easy for each party to set up
> b) not susceptible to CRL time lag or CA key compromise
> c) fewer exponentiations on each side for IPsec key setup
You forgot:
bb) no supporting CA/CRL infrastructure required
One might consider that to fall under (a), but I think it's important
enough to merit separate comment. In simple situations or for small
specialized implementations, minimizing the weight of infrastructure can
be a significant advantage even when the setup effort would be considered
acceptable.
Henry Spencer
henry@spsystems.net
References: