
Re: Please kill preshared key.



I second that.

jan


On Thu, 6 Dec 2001, Bill Sommerfeld wrote:

> Since there are people arguing to save preshared key, I just wanted to
> reemphasize that: 
> 
>  0) it adds cryptographic complexity -- you essentially need a
> different cryptographic protocol for PSK vs. signature keys.  Let's
> spend the cycles of our cryptographers on more important stuff than
> this.
> 
>  1) it adds YET ONE MORE OPTION you need to test, one more knob you
> can misconfigure.. more time for customers spent fumbling around
> trying to figure out how to configure systems.
> 
>  2) equivalent functionality can be found in preconfigured public keys
> and/or self-signed certificates.
> 
> There's no need for it, it adds complexity.  Kill it.
> 
> 					- Bill
> 

 --
Jan Vilhuber                                            vilhuber@cisco.com
Cisco Systems, San Jose                                     (408) 527-0847


