[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Comments on CRACK

To: "Steven M. Bellovin" <smb@xxxxxxxxxxxxxxxx>
Subject: Re: Comments on CRACK
From: Ricky Charlet <rcharlet@xxxxxxxxxxxx>
Date: Tue, 26 Oct 1999 21:23:42 +0000
Cc: ietf-ipsra@xxxxxxxx
List-archive: <http://www.vpnc.org/ietf-ipsra/mail-archive/>
List-id: <ietf-ipsra.vpnc.org>
List-unsubscribe: <mailto:ietf-ipsra-request@vpnc.org?body=unsubscribe>
Organization: RedCreek Communications Inc.
References: <>
Sender: owner-ietf-ipsra@xxxxxxxxxxxxx

"Steven M. Bellovin" wrote:
> 
> In message <3815F49E.BFABF7C9@xxxxxxxxx>, Roy Pereira writes:
> 
> >
> > Let me ask everyone who is interested;  How do we support existing
> > legacy user authentication within IKE without using a PKI ?
> 
> With a protocol that lets the customer download an encrypted private key/
> certificate pair from a server, followed by ordinary IKE.
> 
>                 --Steve Bellovin


Howdy ()
	<This note was sent to only the ipsra list>


	I always hate when people put words in my mouth, but just to make sure
I understand, are you saying that:

	A PKI, with per user granularity, 'MUST' be used to solve IPSec remote
access authentication?

-- 
####################################
#  Ricky Charlet
#	(510) 795-6903
#	rcharlet@xxxxxxxxxxxx
####################################

end Howdy;

References:
- Re: Comments on CRACK
  - From: Steven M. Bellovin

Prev by Date: Re: User-level Authentication Mechanisms for IPsec
Next by Date: Re: Comments on CRACK
Previous by thread: Re: Comments on CRACK
Next by thread: RE: Comments on CRACK
Index(es):
- Date
- Thread