[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: l2tp as ipsra solution

To: "CHINNA N.R. PELLACURU" <pcn@xxxxxxxxx>
Subject: Re: l2tp as ipsra solution
From: Dan Harkins <dharkins@xxxxxxxxxxxxxx>
Date: Thu, 22 Jun 2000 09:06:12 -0700
Cc: Daniel Fox <dfox@xxxxxxxxxxxxxxxxxxxx>, IPSRA list <ietf-ipsra@xxxxxxxx>
In-reply-to: Your message of "Thu, 22 Jun 2000 08:47:39 PDT." <>
List-archive: <http://www.vpnc.org/ietf-ipsra/mail-archive/>
List-id: <ietf-ipsra.vpnc.org>
List-unsubscribe: <mailto:ietf-ipsra-request@vpnc.org?body=unsubscribe>
Sender: owner-ietf-ipsra@xxxxxxxxxxxxx

On Thu, 22 Jun 2000 08:47:39 PDT "CHINNA N.R. PELLACURU" <pcn@xxxxxxxxx> wrote
> I totally agree. I have already pointed out that, there could be
> legitimate reasons for customers using a low level of security, and thus
> the WG should not force a standard that mandates the highest level of
> security at all times.
> 
>     chinna

  Whoa! I don't think this WG should provide various "levels of security"
for its protocols.

> On Thu, 22 Jun 2000, Daniel Fox wrote:
> >                               These security conscious customers (using PAP
> > or CHAP) are willing to pay the extra cost of a VPN for the extra security it
> > provides, but the management cost of migrating to PKI all at once is a bitter
> > pill.

But protocols like PIC are supposed to add a spoon full o' sugar to make that
medicine go dooowwwwnnn. The customer can obtain certificates (his own and the
root cert) and authenticate himself using the legacy authentication method and 
then use them (the certs) for all subsequent communication. Eventually, and 
painlessly, the entire user base has migrated.

  Dan.

Follow-Ups:
- Re: l2tp as ipsra solution
  - From: CHINNA N.R. PELLACURU

References:
- Re: l2tp as ipsra solution
  - From: CHINNA N.R. PELLACURU

Prev by Date: Re: l2tp as ipsra solution
Next by Date: L2TP is ipsra solution (?)
Previous by thread: Re: l2tp as ipsra solution
Next by thread: Re: l2tp as ipsra solution
Index(es):
- Date
- Thread