Hi Paul:
> Section 3:
>
> It requires information about the
> required authentication method (i.e. preshared keys), DH groups,
> modes and algorithms for IKE SA negotiation, etc.
>
> In the IKE world, we really try to not recommend preshared keys, because
> these keys are mostly based on human readable low entropy content. If this
> document thinks raw RSA/ECDSA keys or X.509 certificates are also methods
> that will be implemented by SDN Controllers, please change the example of
> preshared keys to something else.
[Authors] In the IKE case, the Security Controller generates pseudo-random PSKs.
Hence, there is NO low entropy content since this PSK is not based on human
involvement. Having said that, raw RSA/ECDSA keys or X.509 certificates are
plausible. Let's add it:
"It requires information about the
required authentication method (i.e. a raw public key, a x509 certificate
or preshared keys), DH groups,
modes and algorithms for IKE SA negotiation, etc."
Best Regards.
-------------------------------------------------------
Rafa Marin-Lopez, PhD
Dept. Information and Communications Engineering (DIIC)
Faculty of Computer Science-University of Murcia
30100 Murcia - Spain
Telf: +34868888501 Fax: +34868884151 e-mail: [email protected]
-------------------------------------------------------
_______________________________________________
I2nsf mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/i2nsf