[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Please kill preshared key.
Agree,
It is is not what IPSec intended to work. :-)
However, do you agree my statement make sense?
--- David
----- Original Message -----
From: "Henry Spencer" <henry@spsystems.net>
To: "david chen" <ietf_davidchen@hotmail.com>
Cc: <ipsec@lists.tislabs.com>
Sent: Friday, December 07, 2001 2:44 PM
Subject: Re: Please kill preshared key.
> On Fri, 7 Dec 2001, david chen wrote:
> > What I infered is that
> > the pre-shared symmetric key can be used for both authentication and
> > encryption without key-exchange (KE) since this key is exchnaged through
> > 'out-of-band' secured channel and is *intended* for the two devices
only.
>
> Your inference is incorrect. That is not how today's IPSec PSK works.
>
> Henry Spencer
> henry@spsystems.net
>
>
Follow-Ups:
References: