Unfortuanately, the pre-shared public key option is not widely avaialble in
most products which service provider can use. Among the available solutions,
PSK is easier, simpler, and more efficient to run than a PKI based solution.
Is that also a myth?
-----Original Message-----
From: Henry Spencer [mailto:henry@spsystems.net]
Sent: Friday, December 07, 2001 1:34 PM
To: Wang, Cliff
Cc: ipsec@lists.tislabs.com
Subject: RE: Please save the pre-shared key mode
On Fri, 7 Dec 2001, Wang, Cliff wrote:
>>> other hand, PSK based IKE and PKI based IKE has been the main way people
>>> deploying VPN. Under that context, PSK is simpler to run than PKI.
>> I think that's the myth Dan was talking about.
>
> From the operation point of view, PSK is quick and easy to set up
> service. It works and customers are happy. It is more real than a
> myth.
The myth being referred to is the notion that PSK is somehow unique in being
quick and easy to set up, because public keys absolutely require PKI.
That's wrong. It is just as quick and easy to set up with preshared
*public* keys. You don't need a PKI to use public keys.
Henry Spencer
henry@spsystems.net