[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: l2tp as ipsra solution
Various levels/flavours of security are provided in IKE. Why should we not
do the same in ipsra.
chinna
On Thu, 22 Jun 2000, Dan Harkins wrote:
> On Thu, 22 Jun 2000 08:47:39 PDT "CHINNA N.R. PELLACURU" <pcn@xxxxxxxxx> wrote
> > I totally agree. I have already pointed out that, there could be
> > legitimate reasons for customers using a low level of security, and thus
> > the WG should not force a standard that mandates the highest level of
> > security at all times.
> >
> > chinna
>
> Whoa! I don't think this WG should provide various "levels of security"
> for its protocols.
>
> > On Thu, 22 Jun 2000, Daniel Fox wrote:
> > > These security conscious customers (using PAP
> > > or CHAP) are willing to pay the extra cost of a VPN for the extra security it
> > > provides, but the management cost of migrating to PKI all at once is a bitter
> > > pill.
>
> But protocols like PIC are supposed to add a spoon full o' sugar to make that
> medicine go dooowwwwnnn. The customer can obtain certificates (his own and the
> root cert) and authenticate himself using the legacy authentication method and
> then use them (the certs) for all subsequent communication. Eventually, and
> painlessly, the entire user base has migrated.
>
> Dan.
>
>
chinna narasimha reddy pellacuru
s/w engineer