Valery Smyslov <smyslov.i...@gmail.com> wrote: > > I'm watching the video (in five minute intervals for unexplained > > reasons... it seems like I've been watching this video for days). > > > > I want to +1 Dan: we need a balanced PAKE. > > > > I sincerely wish Tero was right: that there was no excuse not to use digital > > signatures for good site-to-site, even between companies. The reason we > > don't have this is because digital signatures keep getting confused with > > PKIs, something John Gilmore realized 20 years ago. > > > > I think we should ask the CFRG to pick a single balanced PAKE for us. > > Why do you think balanced PAKE is more appropriate for us than augmented?
Because I share Paul's view that the PSKs we care about are generally identical in both directions, and this use is primarily about site-to-site inter-company VPNs. This is note for road-warrier accesss. I would prefer that the PAKE method was not wrapped in EAP. -- Michael Richardson <mcr+i...@sandelman.ca>, Sandelman Software Works -= IPv6 IoT consulting =-
signature.asc
Description: PGP signature
_______________________________________________ IPsec mailing list IPsec@ietf.org https://www.ietf.org/mailman/listinfo/ipsec