[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: Please save the pre-shared key mode



On Fri, 7 Dec 2001, Michael Choung Shieh wrote:
> Given the many methods of transfering PK without consesus, interoperability
> of protocol USE is an issue.  If one chooses self-sign cert and freeswan
> uses DNS-SEC and you use fingerprint, the admin won't call it's
> interoperable even the protocol itself is interoperable.
> Then the draft should document it and require vendor to support certain
> scenarios, or it just move the complexity from protocol to real-world
> implemenation.

Right.  It needs nailing down.  But this need not take more than a 
paragraph or two in the spec, *and* it doesn't interact with the rest
in any significant way.  Big win over having a separate protocol mode.

                                                          Henry Spencer
                                                       henry@spsystems.net



References: