[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: Please save the pre-shared key mode

To: "'Michael Thomas'" <mat@cisco.com>, Alex Alten <Alten@netvista.net>
Subject: RE: Please save the pre-shared key mode
From: "Wang, Cliff" <CWang@smartpipes.com>
Date: Thu, 6 Dec 2001 17:57:21 -0000
Cc: "Wang, Cliff" <CWang@smartpipes.com>, ipsec@lists.tislabs.com
Sender: owner-ipsec@lists.tislabs.com

Very simple reasons,

IKEv1 is going to be replaced by IKEv2 in the future and KINK has yet to be
standardized and it is not going to replace IKE. On the other hand, adding
PSK support in IKEv2 is not an overkill, but provides much more
flexibilities and more choices for service providers.

-----Original Message-----
From: Michael Thomas [mailto:mat@cisco.com] 
Sent: Thursday, December 06, 2001 12:43 PM
To: Alex Alten
Cc: Wang, Cliff; ipsec@lists.tislabs.com
Subject: Re: Please save the pre-shared key mode

Alex Alten writes:
 > 
 > I *strongly* 2nd this motion.  It would be extremely foolish  > to
eliminate PSK support.  Foolish in this case translates into  > lots of
extra expensive hardware, etc., for our poor customers.

   There are already two choices for keying IPsec SA's
   with pre-shared keys with IETF protocols:

   1) IKEv1
   2) KINK

   The latter can be used peer-peer as well, and
   fixes many of the problems with (1). Why then
   do we need to have yet another? 

	 Mike

Follow-Ups:

RE: Please save the pre-shared key mode

From: Michael Thomas <mat@cisco.com>

RE: Please save the pre-shared key mode

From: Paul Koning <ni1d@arrl.net>

Prev by Date: Re: IKEv2 & DoS protection
Next by Date: RE: Please save the pre-shared key mode
Prev by thread: Re: Please save the pre-shared key mode
Next by thread: RE: Please save the pre-shared key mode
Index(es):
- Main
- Thread