[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Please kill preshared key.



Agree,
It is is not what IPSec intended to work. :-)

However, do you agree my statement make sense?

--- David

----- Original Message -----
From: "Henry Spencer" <henry@spsystems.net>
To: "david chen" <ietf_davidchen@hotmail.com>
Cc: <ipsec@lists.tislabs.com>
Sent: Friday, December 07, 2001 2:44 PM
Subject: Re: Please kill preshared key.


> On Fri, 7 Dec 2001, david chen wrote:
> > What I infered is that
> > the pre-shared symmetric key can be used for both authentication and
> > encryption without key-exchange (KE) since this key is exchnaged through
> > 'out-of-band' secured channel and is *intended* for the two devices
only.
>
> Your inference is incorrect.  That is not how today's IPSec PSK works.
>
>                                                           Henry Spencer
>                                                        henry@spsystems.net
>
>


Follow-Ups: References: