[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Please kill preshared key.
I second that.
jan
On Thu, 6 Dec 2001, Bill Sommerfeld wrote:
> Since there are people arguing to save preshared key, I just wanted to
> reemphasize that:
>
> 0) it adds cryptographic complexity -- you essentially need a
> different cryptographic protocol for PSK vs. signature keys. Let's
> spend the cycles of our cryptographers on more important stuff than
> this.
>
> 1) it adds YET ONE MORE OPTION you need to test, one more knob you
> can misconfigure.. more time for customers spent fumbling around
> trying to figure out how to configure systems.
>
> 2) equivalent functionality can be found in preconfigured public keys
> and/or self-signed certificates.
>
> There's no need for it, it adds complexity. Kill it.
>
> - Bill
>
--
Jan Vilhuber vilhuber@cisco.com
Cisco Systems, San Jose (408) 527-0847
Follow-Ups:
References: