
Re: Remaining open issues for RFC-2401bis



Stephen Kent writes:
> I can't comment on what most vendors do in the 
> shared secret case for IPsec implementations. I 
> just cited my bad experience in a different but 
> equivalent context, and it was not good.

All of my bad experiences are because someone thought to be user
friendly and only created a text input box where the password can be
written. It is extremely hard (or impossible) to write the binary key
0x44f7ba0052dc29b4812d2e9b165b410d to that box, thus that laptop user
who has only a text input box will not be able to use the system at all.
Most of those who provided the hex input also provided a way to type
the key in as a string.

Thus, saying it is a binary string, and you MUST offer a way to put in any
binary string (up to a certain length) works better, as it will always
offer interoperability (I agree it might not be that user friendly,
but that is something that the vendor can fix if they feel like making
it user friendly).
-- 
kivinen@safenet-inc.com
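
Added example, not part of the original message or of any vendor's code: a sketch of pre-shared key entry that accepts any binary string through an explicit hex mode as well as typed text, and shows why the key quoted above cannot come from a text-only box. The names `parse_psk`, `typeable_as_text` and `PskError` and the 64-octet limit are assumptions made for illustration.

```python
MAX_PSK_LEN = 64  # assumed limit in octets; the message only says "up to certain length"


class PskError(ValueError):
    """Raised when the entered value cannot be used as a shared secret."""


def parse_psk(value: str, encoding: str) -> bytes:
    """Convert operator input into the octets of the pre-shared key.

    The encoding ("hex" or "text") is selected explicitly, never guessed, so a
    text password that happens to begin with "0x" keeps its literal octets.
    """
    if encoding == "hex":
        digits = value.strip()
        if digits[:2].lower() == "0x":
            digits = digits[2:]
        digits = digits.replace(":", "")
        try:
            key = bytes.fromhex(digits)  # rejects odd length and non-hex characters
        except ValueError as exc:
            raise PskError("hex key must be an even number of hex digits") from exc
    elif encoding == "text":
        key = value.encode("utf-8")
    else:
        raise PskError(f"unknown encoding: {encoding!r}")
    if not key:
        raise PskError("empty key")
    if len(key) > MAX_PSK_LEN:
        raise PskError(f"key longer than {MAX_PSK_LEN} octets")
    return key


def typeable_as_text(key: bytes) -> bool:
    """True if a text-only box (assumed to submit printable UTF-8) could yield these octets."""
    try:
        return key.decode("utf-8").isprintable()
    except UnicodeDecodeError:
        return False


if __name__ == "__main__":
    # The binary key quoted in the message above.
    key = parse_psk("0x44f7ba0052dc29b4812d2e9b165b410d", "hex")
    print(len(key), "octets, typeable as text:", typeable_as_text(key))
    # Constructed sample: the same characters mean different keys per mode.
    print(parse_psk("0xdeadbeef", "hex").hex(), parse_psk("0xdeadbeef", "text"))
```

Two peers configured with the same characters but different entry modes end up with different keys, so the mode has to be part of what the operators agree on.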