[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: Please save the pre-shared key mode

To: Michael Choung Shieh <mshieh@netscreen.com>, "'Henry Spencer'" <henry@spsystems.net>, "Wang, Cliff" <CWang@smartpipes.com>
Subject: RE: Please save the pre-shared key mode
From: Alex Alten <Alten@netvista.net>
Date: Fri, 07 Dec 2001 19:28:05 -0800
Cc: ipsec@lists.tislabs.com
In-Reply-To: <9D048F4A422CD411A56500B0D0209C5B028F3A53@NS-CA>
Sender: owner-ipsec@lists.tislabs.com

And "setup" better include:
1. Key generation
2. Key distribution (in a trustworthy manner)
3. Key performance during the initial authentication of the session.

Given these, PSK beats PK on #1 and #3 hands down.
They are the same for #2.

- Alex

At 11:33 AM 12/7/2001 -0800, Michael Choung Shieh wrote:
>
>How about someone unwrap the myth.  I don't care if it's PK or PSK as long
>as we can set it up as easy as setup PSK in IKE v1.
>
>Can someone show step-by-step procedure to set up PK?  In a typical
>scenario, the HQ sys admin sets up vpn and sends config to his unknowledged
>remote offic peer to download to remote device.  How do we do it when using
>PK without using PKI?
>
>Let's prove if it's as easy as setting up PSK.
>
>--------------------------------------------
>Michael Shieh
>NetScreen Technologies, Inc
>350 Oakmead Parkway
>Sunnyvale, CA 94085
>TEL: (408)730-6060
>FAX: (408)730-6050
>Email:  mshieh@netscreen.com
>--------------------------------------------
>
>-----Original Message-----
>From: Henry Spencer [mailto:henry@spsystems.net]
>Sent: Friday, December 07, 2001 10:34 AM
>To: Wang, Cliff
>Cc: ipsec@lists.tislabs.com
>Subject: RE: Please save the pre-shared key mode
>
>
>On Fri, 7 Dec 2001, Wang, Cliff wrote:
>>>> other hand, PSK based IKE and PKI based IKE has been the main way people
>>>> deploying VPN. Under that context, PSK is simpler to run than PKI.   
>>> I think that's the myth Dan was talking about.
>>
>> From the operation point of view, PSK is quick and easy to set up service.
>> It works and customers are happy. It is more real than a myth.
>
>The myth being referred to is the notion that PSK is somehow unique in
>being quick and easy to set up, because public keys absolutely require
>PKI.  That's wrong.  It is just as quick and easy to set up with preshared
>*public* keys.  You don't need a PKI to use public keys. 
>
>                                                          Henry Spencer
>                                                       henry@spsystems.net
>
>
--

Alex Alten
Alten@Home.Com

Follow-Ups:

RE: Please save the pre-shared key mode

From: Jan Vilhuber <vilhuber@cisco.com>

References:

RE: Please save the pre-shared key mode

From: Michael Choung Shieh <mshieh@netscreen.com>

Prev by Date: Re: discussion of SIGMA-IKE
Next by Date: RE: Please save the pre-shared key mode
Prev by thread: Re: Please save the pre-shared key mode
Next by thread: RE: Please save the pre-shared key mode
Index(es):
- Main
- Thread