Re: Please save the pre-shared key mode
The logic goes like this:
In human history,
before computers were used for secrecy,
we all used paper, hands, eyeballs to achieve privacy.
From our last few thousand years' experience,
they work well; why is the computer even involved in this?
Scientific advancement will help our civilization - not the
existing majority experience which is
certainly not the reason to stop the advancement.
--- David
----- Original Message -----
From: "Michael Choung Shieh" <mshieh@netscreen.com>
To: "'Wang, Cliff'" <CWang@smartpipes.com>; "'Michael Thomas'"
<mat@cisco.com>; "Alex Alten" <Alten@netvista.net>
Cc: <ipsec@lists.tislabs.com>
Sent: Thursday, December 06, 2001 1:41 PM
Subject: RE: Please save the pre-shared key mode
>
> From our experience more than 80% of VPN users are using PSK. While we are
> developing a standard to replace IKE v1, let's not leave the existing users
> behind. Although we may give many reasons that PKI provides more security
> and scalability, it's (relatively) easy config of PSK bring IKE to wide
> adoption.
>
> --------------------------------------------
> Michael Shieh
> NetScreen Technologies, Inc
> --------------------------------------------
>
> -----Original Message-----
> From: Wang, Cliff [mailto:CWang@smartpipes.com]
> Sent: Thursday, December 06, 2001 9:57 AM
> To: 'Michael Thomas'; Alex Alten
> Cc: Wang, Cliff; ipsec@lists.tislabs.com
> Subject: RE: Please save the pre-shared key mode
>
>
> Very simple reasons,
>
> IKEv1 is going to be replaced by IKEv2 in the future and KINK has yet to be
> standardized and it is not going to replace IKE. On the other hand, adding
> PSK support in IKEv2 is not an overkill, but provides much more
> flexibilities and more choices for service providers.
>
> -----Original Message-----
> From: Michael Thomas [mailto:mat@cisco.com]
> Sent: Thursday, December 06, 2001 12:43 PM
> To: Alex Alten
> Cc: Wang, Cliff; ipsec@lists.tislabs.com
> Subject: Re: Please save the pre-shared key mode
>
>
> Alex Alten writes:
> >
> > I *strongly* 2nd this motion. It would be extremely foolish to
> > eliminate PSK support. Foolish in this case translates into lots of
> > extra expensive hardware, etc., for our poor customers.
>
> There are already two choices for keying IPsec SA's
> with pre-shared keys with IETF protocols:
>
> 1) IKEv1
> 2) KINK
>
> The latter can be used peer-peer as well, and
> fixes many of the problems with (1). Why then
> do we need to have yet another?
>
> Mike
>