At 5:02 PM +0200 6/27/05, Francis Dupont wrote:
> pre-shared secrets
> are known to be weaker than certificates

That statement is false for many common uses of preshared secrets and
certificates. A preshared secret with even 80 bits of randomness is
stronger than most certificates used for authentication today. (See
RFC 3766 for the math behind this.)

> I remember a similar discussion about IKEv2 but in this case pre-shared
> secrets were kept for compatibility...

This is also false. The archives of the IPsec Working Group show that
there were many other reasons for supporting preshared secrets,
including many administrative scenarios.
The two authentication mechanisms have quite different properties and
each is appropriate in many settings. Saying one or the other is
"known to be weaker" without examining the context, particularly on a
general-purpose mailing list, will not help increase the security of
the Internet.
--Paul Hoffman, Director
--VPN Consortium