[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: I-D ACTION:draft-kobayakawa-ipsec-ipv6-pnpipsec-reqts-00.txt
Presumably only passive wiretapping kinds of attacks.
<joking>
Maybe we should standardize the april fools draft-rfc pre-shared key
for IKE as the default password for plug-and-play ipsec?
</joking>
I'm not sure if this is a really good idea or a really bad one (as a
professional paranoiac, I tend towards the later).
Bad idea? False sense of security because now everyone thinks they are being
protected by ipsec (and really aren't, at least not terribly much)?
or
Good idea? A quick way to roll standard IPsec out to the masses with a
clean upgrade path: start deploying real pre-shared keys or
certificates (or dnssec or whatever) and use the tasty goat key only
if all else fails (still leaving the impression we're very secure when
we're not?)?
Hm... tasty goat, if I do say so myself ;) Can you make me one?
jan
On Thu, 31 Oct 2002 rcharlet@SonicWALL.com wrote:
> Howdy,
>
> What threat would this succeed in averting?
>
> --
> Ricky Charlet rcharlet@alumni.calpoly.edu USA (408) 962-8711
>
>
--
Jan Vilhuber vilhuber@cisco.com
Cisco Systems, San Jose (408) 527-0847
THE NETWORK WORKS,
NO EXCUS NFS server mastiff-fddi not responding still trying