[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: Please save the pre-shared key mode
>From our experience more than 80% of VPN users are using PSK. While we are
developing a standard to replace IKE v1, let's not leave the existing users
behind. Although we may give many reasons that PKI provides more security
and scalability, it's (relatively) easy config of PSK bring IKE to wide
adoption.
--------------------------------------------
Michael Shieh
NetScreen Technologies, Inc
--------------------------------------------
-----Original Message-----
From: Wang, Cliff [mailto:CWang@smartpipes.com]
Sent: Thursday, December 06, 2001 9:57 AM
To: 'Michael Thomas'; Alex Alten
Cc: Wang, Cliff; ipsec@lists.tislabs.com
Subject: RE: Please save the pre-shared key mode
Very simple reasons,
IKEv1 is going to be replaced by IKEv2 in the future and KINK has yet to be
standardized and it is not going to replace IKE. On the other hand, adding
PSK support in IKEv2 is not an overkill, but provides much more
flexibilities and more choices for service providers.
-----Original Message-----
From: Michael Thomas [mailto:mat@cisco.com]
Sent: Thursday, December 06, 2001 12:43 PM
To: Alex Alten
Cc: Wang, Cliff; ipsec@lists.tislabs.com
Subject: Re: Please save the pre-shared key mode
Alex Alten writes:
>
> I *strongly* 2nd this motion. It would be extremely foolish > to
eliminate PSK support. Foolish in this case translates into > lots of
extra expensive hardware, etc., for our poor customers.
There are already two choices for keying IPsec SA's
with pre-shared keys with IETF protocols:
1) IKEv1
2) KINK
The latter can be used peer-peer as well, and
fixes many of the problems with (1). Why then
do we need to have yet another?
Mike
Follow-Ups: