Re: Please save the pre-shared key mode
Ricky Charlet <rcharlet@redcreek.com> Fri, 07 December 2001 01:15 UTC
Message-ID: <3C10104B.485198C@redcreek.com>
Date: Thu, 06 Dec 2001 16:41:47 -0800
From: Ricky Charlet <rcharlet@redcreek.com>
Organization: Redcreek Communications
CC: ipsec@lists.tislabs.com
Subject: Re: Please save the pre-shared key mode

Howdy,

I'm moving my position from 'in favor' to 'neutral' on saving a pre-shared key authentication mode.

It's not PSK itself or even current look alike PSK functionality I'd like to see saved. There is a new feature I want to see added and that is interaction with legacy authentication systems in support of remote access users a la draft-ietf-ipsra-reqmts-04.txt. Whether we use a PSK authentication mode (which seemed an obvious fit to me) or a PK authentication mode (I'm willing to learn how if anyone suggests a way) is beside the point to me.

All arguments about saving PSK because PSK is easier to test are bogus even if true. Having a test mode and an operational mode is dumb.

All arguments that PSK is more or less secure than PK seem to have come out in a tie in my best estimation. Both depend upon secure practices.

All arguments that PSK is not scalable enough seem to have fallen a little flat in the face of operational experience with very large scale PSK based authentication systems. Even if we do all think that PK could scale further, PSK seems to be good enough at scaling to have won a larger piece of the authentication world pie than PK.

All arguments that a PK auth system can serve all the current capabilities of a PSK system miss the point of the request that we actually *add* new functionality to support remote access users.

All arguments about wanting to simplify our key-exchange authentication system to just one mode seem great on the face of it. But we might have an opportunity to add functionality (remote access support) into the main branch of our key exchange system here. If so, the added functionality would justify an extra mode... if needed.

The biggest question in my mind is if we have the will to add remote access support since we are now modifying IKE.

--
"They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety." Benjamin Franklin

Ricky Charlet : SonicWall Inc. : usa (510) 497-2103