[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: Please save the pre-shared key mode
Very simple reasons,
IKEv1 is going to be replaced by IKEv2 in the future and KINK has yet to be
standardized and it is not going to replace IKE. On the other hand, adding
PSK support in IKEv2 is not an overkill, but provides much more
flexibilities and more choices for service providers.
-----Original Message-----
From: Michael Thomas [mailto:mat@cisco.com]
Sent: Thursday, December 06, 2001 12:43 PM
To: Alex Alten
Cc: Wang, Cliff; ipsec@lists.tislabs.com
Subject: Re: Please save the pre-shared key mode
Alex Alten writes:
>
> I *strongly* 2nd this motion. It would be extremely foolish > to
eliminate PSK support. Foolish in this case translates into > lots of
extra expensive hardware, etc., for our poor customers.
There are already two choices for keying IPsec SA's
with pre-shared keys with IETF protocols:
1) IKEv1
2) KINK
The latter can be used peer-peer as well, and
fixes many of the problems with (1). Why then
do we need to have yet another?
Mike
Follow-Ups: