[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: Please save the pre-shared key mode
How about someone unwrap the myth. I don't care if it's PK or PSK as long
as we can set it up as easy as setup PSK in IKE v1.
Can someone show step-by-step procedure to set up PK? In a typical
scenario, the HQ sys admin sets up vpn and sends config to his unknowledged
remote offic peer to download to remote device. How do we do it when using
PK without using PKI?
Let's prove if it's as easy as setting up PSK.
--------------------------------------------
Michael Shieh
NetScreen Technologies, Inc
350 Oakmead Parkway
Sunnyvale, CA 94085
TEL: (408)730-6060
FAX: (408)730-6050
Email: mshieh@netscreen.com
--------------------------------------------
-----Original Message-----
From: Henry Spencer [mailto:henry@spsystems.net]
Sent: Friday, December 07, 2001 10:34 AM
To: Wang, Cliff
Cc: ipsec@lists.tislabs.com
Subject: RE: Please save the pre-shared key mode
On Fri, 7 Dec 2001, Wang, Cliff wrote:
>>> other hand, PSK based IKE and PKI based IKE has been the main way people
>>> deploying VPN. Under that context, PSK is simpler to run than PKI.
>> I think that's the myth Dan was talking about.
>
> From the operation point of view, PSK is quick and easy to set up service.
> It works and customers are happy. It is more real than a myth.
The myth being referred to is the notion that PSK is somehow unique in
being quick and easy to set up, because public keys absolutely require
PKI. That's wrong. It is just as quick and easy to set up with preshared
*public* keys. You don't need a PKI to use public keys.
Henry Spencer
henry@spsystems.net
Follow-Ups: