[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Suggestion for SOI wrt PFS

To: Bill Sommerfeld <sommerfeld@east.sun.com>
Subject: Re: Suggestion for SOI wrt PFS
From: Jan Vilhuber <vilhuber@cisco.com>
Date: Mon, 1 Apr 2002 12:13:03 -0800 (PST)
cc: "Catherine A. Meadows" <meadows@itd.nrl.navy.mil>, <andrew.krywaniuk@alcatel.com>, <ipsec@lists.tislabs.com>
In-Reply-To: <200204012006.g31K6css018688@thunk.east.sun.com>
Sender: owner-ipsec@lists.tislabs.com

On Mon, 1 Apr 2002, Bill Sommerfeld wrote:

> > Generally, people do NOT want to be reprompted for passwords in the
> > middle of a session, though...
>
> this is no doubt one of the reasons why PIC does legacy authentication
> and issues certs prior to kicking off IKE.
>

Agreed. But note there hasn't been agreement (see Cheryl's
requirements document) on whether we want to punt all remote access to
IPSRA (thus using PIC), or not.

If we use PIC for all legacy authentication (aside: why is it called
legacy, when it's still being used extensively?), then the discussion
degrades into 'is rsa cheap'...

jan
 --
Jan Vilhuber                                            vilhuber@cisco.com
Cisco Systems, San Jose                                     (408) 527-0847

Follow-Ups:
- Re: Suggestion for SOI wrt PFS
  - From: Uri Blumenthal <uri@bell-labs.com>

References:
- Re: Suggestion for SOI wrt PFS
  - From: Bill Sommerfeld <sommerfeld@east.sun.com>

Prev by Date: Re: Suggestion for SOI wrt PFS
Next by Date: Re: Move TS to optional (RE: Don't remove TS from IKEv2)
Prev by thread: Re: Suggestion for SOI wrt PFS
Next by thread: Re: Suggestion for SOI wrt PFS
Index(es):
- Date
- Thread