[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: I-D ACTION:draft-kobayakawa-ipsec-ipv6-pnpipsec-reqts-00.txt

To: <rcharlet@SonicWALL.com>
Subject: RE: I-D ACTION:draft-kobayakawa-ipsec-ipv6-pnpipsec-reqts-00.txt
From: Jan Vilhuber <vilhuber@cisco.com>
Date: Thu, 31 Oct 2002 21:05:29 -0800 (PST)
cc: <ipsec@lists.tislabs.com>
In-Reply-To: <F4FC57B40BEE6E418CF222DCF8D5546508C25B@USEXCH3.us.sonicwall.com>
Sender: owner-ipsec@lists.tislabs.com

Presumably only passive wiretapping kinds of attacks.

<joking>
Maybe we should standardize the april fools draft-rfc pre-shared key
for IKE as the default password for plug-and-play ipsec?
</joking>

I'm not sure if this is a really good idea or a really bad one (as a
professional paranoiac, I tend towards the later).

Bad idea? False sense of security because now everyone thinks they are being
protected by ipsec (and really aren't, at least not terribly much)?

or

Good idea? A quick way to roll standard IPsec out to the masses with a
clean upgrade path: start deploying real pre-shared keys or
certificates (or dnssec or whatever) and use the tasty goat key only
if all else fails (still leaving the impression we're very secure when
we're not?)?

Hm... tasty goat, if I do say so myself ;) Can you make me one?

jan

On Thu, 31 Oct 2002 rcharlet@SonicWALL.com wrote:

> Howdy,
>
> 	What threat would this succeed in averting?
>
> --
> Ricky Charlet    rcharlet@alumni.calpoly.edu    USA (408) 962-8711
>
>

 --
Jan Vilhuber                                            vilhuber@cisco.com
Cisco Systems, San Jose                                     (408) 527-0847

THE NETWORK WORKS,
NO EXCUS NFS server mastiff-fddi not responding still trying

Next by Date: Re: A question about traffic selector
Next by thread: Re: I-D ACTION:draft-kobayakawa-ipsec-ipv6-pnpipsec-reqts-00.txt
Index(es):
- Date
- Thread