
RE: Please save the pre-shared key mode



On Thu, 6 Dec 2001, Michael Choung Shieh wrote:

> 
> From our experience more than 80% of VPN users are using PSK.

That's fine. For a user-interface, you can make a public-key system look
EXACTLY like a pre-shared symmetric key system (maybe not exactly, but at
least as simple).

jan


> While we are
> developing a standard to replace IKE v1, let's not leave the existing users
> behind.  Although we may give many reasons that PKI provides more security
> and scalability, it's the (relatively) easy config of PSK that brings IKE to
> wide adoption.
> 
> --------------------------------------------
> Michael Shieh
> NetScreen Technologies, Inc
> --------------------------------------------
> 
> -----Original Message-----
> From: Wang, Cliff [mailto:CWang@smartpipes.com]
> Sent: Thursday, December 06, 2001 9:57 AM
> To: 'Michael Thomas'; Alex Alten
> Cc: Wang, Cliff; ipsec@lists.tislabs.com
> Subject: RE: Please save the pre-shared key mode
> 
> 
> Very simple reasons,
> 
> IKEv1 is going to be replaced by IKEv2 in the future and KINK has yet to be
> standardized and it is not going to replace IKE. On the other hand, adding
> PSK support in IKEv2 is not overkill, but provides much more
> flexibility and more choices for service providers.
> 
> -----Original Message-----
> From: Michael Thomas [mailto:mat@cisco.com] 
> Sent: Thursday, December 06, 2001 12:43 PM
> To: Alex Alten
> Cc: Wang, Cliff; ipsec@lists.tislabs.com
> Subject: Re: Please save the pre-shared key mode
> 
> 
> Alex Alten writes:
>  > 
>  > I *strongly* 2nd this motion.  It would be extremely foolish
>  > to eliminate PSK support.  Foolish in this case translates into
>  > lots of extra expensive hardware, etc., for our poor customers.
> 
>    There are already two choices for keying IPsec SA's
>    with pre-shared keys with IETF protocols:
> 
>    1) IKEv1
>    2) KINK
> 
>    The latter can be used peer-peer as well, and
>    fixes many of the problems with (1). Why then
>    do we need to have yet another? 
> 
> 	 Mike
> 

 --
Jan Vilhuber                                            vilhuber@cisco.com
Cisco Systems, San Jose                                     (408) 527-0847


