[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: Please save the pre-shared key mode
At least it is not my intention to say that nothings else works. Given the
EXISTING options (IKEv1) made available by device vendors, PSK is easier to
run.
Anything makes the deployment of IPsec VPN easier should be the common goal
of this working group. I will be more than glad to accept alternative ways
to achieve that goal, after a concensus is reached that they are indeed
better.
Where are these alternative approaches documented in the form of internet
draft?
-----Original Message-----
From: Henry Spencer [mailto:henry@spsystems.net]
Sent: Friday, December 07, 2001 4:02 PM
To: Wang, Cliff
Cc: 'Jan Vilhuber'; ipsec@lists.tislabs.com
Subject: RE: Please save the pre-shared key mode
On Fri, 7 Dec 2001, Wang, Cliff wrote:
> This thread is talking about saving the pre-shared key mode, instead
> of saying nothing else works.
The justification being offered for saving it is "nothing else works" --
that is, that there is no other equally quick and simple way of setting up a
simple connection. This is false. There are non-PKI approaches to public
keys which are just as simple and easy as PSK.
Henry Spencer
henry@spsystems.net
Follow-Ups: