
RE: Please save the pre-shared key mode



If choice is a bad thing, then I am asking you who set the choice and what
criteria are used to set the choice? Are you saying PSK is not a valid
choice? Please listen to the field experience where IPsec boxes (lots of
them are Cisco boxes, :)) are deployed to set up VPNs.

I agree with you IKEv1 has too many choices. Based on the simplified IKEv2
draft, adding PSK support won't be bad at all.

-----Original Message-----
From: Michael Thomas [mailto:mat@cisco.com] 
Sent: Thursday, December 06, 2001 1:06 PM
To: Wang, Cliff
Cc: 'Michael Thomas'; Alex Alten; ipsec@lists.tislabs.com
Subject: RE: Please save the pre-shared key mode


Wang, Cliff writes:
 > Very simple reasons,
 > 
 > IKEv1 is going to be replaced by IKEv2 in the future and KINK has yet to be
 > standardized and it is not going to replace IKE. On the other hand, adding
 > PSK support in IKEv2 is not an overkill, but provides much more
 > flexibilities and more choices for service providers.

KINK is very close to last call, and nobody's
claiming that it will replace IKE. And "choice" is
not necessarily a good thing. In fact, one of the
major lessons of IKEv1 (taken to heart by KINK)
was that "choice" is a distinctly *bad* thing.
Simplicity and narrow purpose in security
protocols is a *feature*, not a bug.

	     Mike