[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Please save the pre-shared key mode



The logic goes like this:
In the human history,
before computer is used for secrecy,
we all use paper, hands, eyeballs to achieve privacy.
>From our last few thousand years epxerience,
they work well;  why computer even involes in this?

Scientific advancement will help our civilization - not the
existing majority experience which is
certainly not the reason to stop the advancement.

--- David



----- Original Message -----
From: "Michael Choung Shieh" <mshieh@netscreen.com>
To: "'Wang, Cliff'" <CWang@smartpipes.com>; "'Michael Thomas'"
<mat@cisco.com>; "Alex Alten" <Alten@netvista.net>
Cc: <ipsec@lists.tislabs.com>
Sent: Thursday, December 06, 2001 1:41 PM
Subject: RE: Please save the pre-shared key mode


>
> From our experience more than 80% of VPN users are using PSK.  While we
are
> developing a standard to replace IKE v1, let's not leave the existing
users
> behind.  Although we may give many reasons that PKI provides more security
> and scalability, it's (relatively) easy config of PSK bring IKE to wide
> adoption.
>
> --------------------------------------------
> Michael Shieh
> NetScreen Technologies, Inc
> --------------------------------------------
>
> -----Original Message-----
> From: Wang, Cliff [mailto:CWang@smartpipes.com]
> Sent: Thursday, December 06, 2001 9:57 AM
> To: 'Michael Thomas'; Alex Alten
> Cc: Wang, Cliff; ipsec@lists.tislabs.com
> Subject: RE: Please save the pre-shared key mode
>
>
> Very simple reasons,
>
> IKEv1 is going to be replaced by IKEv2 in the future and KINK has yet to
be
> standardized and it is not going to replace IKE. On the other hand, adding
> PSK support in IKEv2 is not an overkill, but provides much more
> flexibilities and more choices for service providers.
>
> -----Original Message-----
> From: Michael Thomas [mailto:mat@cisco.com]
> Sent: Thursday, December 06, 2001 12:43 PM
> To: Alex Alten
> Cc: Wang, Cliff; ipsec@lists.tislabs.com
> Subject: Re: Please save the pre-shared key mode
>
>
> Alex Alten writes:
>  >
>  > I *strongly* 2nd this motion.  It would be extremely foolish  > to
> eliminate PSK support.  Foolish in this case translates into  > lots of
> extra expensive hardware, etc., for our poor customers.
>
>    There are already two choices for keying IPsec SA's
>    with pre-shared keys with IETF protocols:
>
>    1) IKEv1
>    2) KINK
>
>    The latter can be used peer-peer as well, and
>    fixes many of the problems with (1). Why then
>    do we need to have yet another?
>
> Mike
>


References: