[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: Please save the pre-shared key mode
On Fri, 7 Dec 2001, Paul Koning wrote:
> [IKE replacement vs new protocol]
> If the latter, then the requirements set is open. But if the former,
> then the new protocol MUST include among its requirements all the
> features of the earlier protocol that are important. It is clear from
> looking at customer installations that pre-shared key is a critical
> feature of IKE.
No, it is clear from looking at customer installations that *some* form
of easy-to-set-up self-contained authentication which does not rely on
elaborate infrastructure is a critical feature. That is the strongest
conclusion which can be drawn from the evidence.
Whether that form has to be "pre-shared key" (better called "shared
secret") is *not* clear. Most IKE implementations offer no self-contained
alternative, so it is not possible to tell whether the requirement is for
"pre-shared key" or just for *some sort* of self-contained authentication.
The FreeS/WAN experience with preshared public keys suggests that most any
form of simple standardized self-contained authentication would suffice,
e.g. preshared public keys or self-signed certificates.
> ...If the goal is
> to improve matters for implementers and customers, the goal should be
> to create a new protocol which is indeed a viable replacement for the
> previous protocol, fully entitled to the name "IKE V2" because it
> incorporates the capabilities for which there is a proven need while
> cleaning up in other areas.
Quite so. But we must be careful to identify those capabilities in the
form of *requirements*, rather than jumping to conclusions about how those
requirements are to be met. A requirement for a simple self-contained
authentication method does not imply a requirement for "pre-shared key".
Henry Spencer
henry@spsystems.net
References: