
Re: Requirements, Please (was: Son-of-IKE Performance )



At 7:35 AM -0800 12/8/01, Michael Thomas wrote:
>    JFK, for example, has made a fairly strong statement
>    that symmetric pre-shared keys are a non-requirement.
>    I haven't seen the IKEv2 take a strong position one
>    way or the other.

*Both* proposals do not support pre-shared keys, and only support 
identification by signature using public keys, and *both* proposals 
could easily be changed to support pre-shared keys. That is, neither 
proposal generates keying material from the ID or the public key used 
in the authentication, so either could be changed to have two modes 
of identification with no change to the rest of the protocol.

The question, as this thread header states so well, is whether or 
not this is a requirement. If it is, either protocol can be changed 
to handle the requirement; if it is not, neither protocol needs to 
have it removed.

>    Thus the only way to *really* give
>    the proper valuation on this subject is to get
>    consensus reflected into the requirements draft.
>    This also has the side benefit that we can talk
>    about contentious issues in the abstract rather
>    than impugning somebody's baby.

Exactly right. There are other features in draft -00 of Proposal A 
that are not in draft -00 of Proposal B, and vice versa, but that 
fact should not affect our discussion of those two proposals unless 
the features cannot be transferred.

--Paul Hoffman, Director
--VPN Consortium

