Re: Please save the pre-shared key mode
> 1) Simplicity
> Pre-shared key mode is simpler to support by eliminating the requirement of
> supporting complex PKI.
It's a myth that public-key implies you MUST have a PKI.
Self-signed certs combined with explicit out-of-band trust models is just as
non-cumbersome as pre-shared keys, IMHO, and they also offer
IP-address-portability. (Henry Spencer, correct me if I'm wrong, but
FreeSWAN has a self-signed cert model that works, right?)
If we keep pre-shared, let's have a scalable way of identifying them. In a
multi-homed world (esp. IPv6), pre-shared keys indexed by address pairs are as
much hassle as PKI registration (it's just less snake-oil than most PKIs ;).
For testing, I run server machines with self-signed certs. For small
(10-100) numbers of clients, it works out _quite_ nicely, and w/o any of the
PKI cruft. Peer-to-peer explosions are about the only case where PKI is
really needed, and pre-shared won't help you any there either. It's just a
matter of running certificate-generation, e-mail, and verifying hashes
out-of-band.
I'm not totally against nuking pre-shared. It's not, however, the panacea of
simplicity many think it is, and simplicity arguments don't hold water.
Dan
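
The workflow described in the message above (generate a self-signed cert, mail it, verify its hash out-of-band) together with the address-portability point, as an added example that is not part of the original post. The `PinStore` class, the peer name `gw.example`, the use of SHA-256 and the byte strings standing in for DER-encoded certificates are all assumptions made for illustration.

```python
import hashlib
import hmac

# Constructed stand-ins for DER-encoded self-signed certs (not real certificates).
GW_CERT = b"constructed: DER bytes of gateway self-signed cert"
FAKE_CERT = b"constructed: DER bytes substituted in transit"

def fingerprint(cert_der):
    """SHA-256 over the certificate bytes, lowercase hex (hash choice is an assumption)."""
    return hashlib.sha256(cert_der).hexdigest()

def normalize(fp):
    """Accept a fingerprint as read aloud or pasted: colons, spaces, any case."""
    cleaned = "".join(c for c in fp.lower() if c not in ": -\t\n")
    if len(cleaned) != 64 or any(c not in "0123456789abcdef" for c in cleaned):
        raise ValueError("not a SHA-256 fingerprint")
    return cleaned

class PinStore:
    """Trust anchors keyed by peer identity, never by address."""
    def __init__(self):
        self._pins = {}

    def enroll(self, identity, mailed_cert, fp_out_of_band):
        # The cert came by e-mail (untrusted channel); pin it only if it
        # matches the fingerprint obtained over a separate channel.
        actual = fingerprint(mailed_cert)
        if not hmac.compare_digest(actual, normalize(fp_out_of_band)):
            return False
        self._pins[identity] = actual
        return True

    def verify(self, identity, presented_cert, source_ip):
        # source_ip is accepted only to show that it plays no part in trust.
        pinned = self._pins.get(identity)
        return pinned is not None and hmac.compare_digest(pinned, fingerprint(presented_cert))

def demo():
    store = PinStore()
    fp = fingerprint(GW_CERT).upper()
    spoken = ":".join(fp[i:i + 2] for i in range(0, 64, 2))  # form read over the phone
    psk_by_pair = {("2001:db8::1", "2001:db8::2"): b"constructed-psk"}
    return {
        "substituted_cert_rejected": not store.enroll("gw.example", FAKE_CERT, spoken),
        "genuine_cert_pinned": store.enroll("gw.example", GW_CERT, spoken),
        "cert_ok_after_renumbering": store.verify("gw.example", GW_CERT, "2001:db8:ffff::2"),
        "psk_found_after_renumbering": ("2001:db8::1", "2001:db8:ffff::2") in psk_by_pair,
    }

if __name__ == "__main__":
    print(demo())
```

The pinned certificate still verifies after the peer changes address, while the pre-shared key indexed by address pair is no longer found and would need re-provisioning.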