[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Please kill preshared key.

To: ipsec@lists.tislabs.com
Subject: Please kill preshared key.
From: Bill Sommerfeld <sommerfeld@east.sun.com>
Date: Thu, 06 Dec 2001 13:47:54 -0500
In-Reply-To: Your message of "Thu, 06 Dec 2001 17:04:04 GMT." <AAEFLEIBEBHEDGFBDNKIKEKCCNAA.alister@colt.net>
Reply-to: sommerfeld@east.sun.com
Sender: owner-ipsec@lists.tislabs.com

Since there are people arguing to save preshared key, I just wanted to
reemphasize that: 

 0) it adds cryptographic complexity -- you essentially need a
different cryptographic protocol for PSK vs. signature keys.  Let's
spend the cycles of our cryptographers on more important stuff than
this.

 1) it adds YET ONE MORE OPTION you need to test, one more knob you
can misconfigure.. more time for customers spent fumbling around
trying to figure out how to configure systems.

 2) equivalent functionality can be found in preconfigured public keys
and/or self-signed certificates.

There's no need for it, it adds complexity.  Kill it.

					- Bill

Follow-Ups:

Please kill public key

From: "Jari Arkko" <jari.arkko@kolumbus.fi>

Re: Please kill preshared key.

From: "david chen" <ietf_davidchen@hotmail.com>

Re: Please kill preshared key.

From: Jan Vilhuber <vilhuber@cisco.com>

Re: Please kill preshared key.

From: Henry Spencer <henry@spsystems.net>

Re: Please kill preshared key.

From: Sara Bitan <sarab@cs.Technion.AC.IL>

References:

RE: Please save the pre-shared key mode

From: "Alister Yap" <alister@colt.net>

Prev by Date: Re: RFC 2628 Implementation ( Crypto API )
Next by Date: RE: Please save the pre-shared key mode
Prev by thread: RE: Please save the pre-shared key mode
Next by thread: Please kill public key
Index(es):
- Main
- Thread