[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: Please save the pre-shared key mode
On Fri, 7 Dec 2001, Michael Choung Shieh wrote:
> Given the many methods of transfering PK without consesus, interoperability
> of protocol USE is an issue. If one chooses self-sign cert and freeswan
> uses DNS-SEC and you use fingerprint, the admin won't call it's
> interoperable even the protocol itself is interoperable.
> Then the draft should document it and require vendor to support certain
> scenarios, or it just move the complexity from protocol to real-world
> implemenation.
Right. It needs nailing down. But this need not take more than a
paragraph or two in the spec, *and* it doesn't interact with the rest
in any significant way. Big win over having a separate protocol mode.
Henry Spencer
henry@spsystems.net
References: