Valery Smyslov <smyslov.i...@gmail.com> wrote: > I think that using PAKE for road warriors is more important than for > site-to-site VPNs. In the latter case the SGWs are usually administered > by (presumably :-)) experienced administrators, who can select a high-entropy > PSK, and these PSKs need not to be memorable by users. So, generally > speaking, > it is more secure to use good PSK than passwords (since any PAKE defends > only
If we assume highly competent administrators, then we don't need a PAKE at all. What I heard from the IPsecME record was that many in the room felt that this was where ther was a weakness. -- Michael Richardson <mcr+i...@sandelman.ca>, Sandelman Software Works -= IPv6 IoT consulting =-
signature.asc
Description: PGP signature
_______________________________________________ IPsec mailing list IPsec@ietf.org https://www.ietf.org/mailman/listinfo/ipsec