Paul Wouters <p...@nohats.ca> wrote:
> > On Dec 10, 2018, at 19:51, Michael Richardson <m...@sandelman.ca> wrote:
> >
> >
> > Paul Wouters <p...@nohats.ca> wrote:
> >>> Because I share Paul's view that the PSKs we care about are generally
> >>> identical in both directions
> >>
> >> I agree here.
> >>
> >>> , and this use is primarily about site-to-site
> >>> inter-company VPNs. This is note for road-warrier accesss.
> >>
> >> But not here. weak group PSK's for roadwarriors is a thing :(
> >
> > yes, typo, "not for road-warrior"
>
> I understood. I disagree with the “not”. Road warriors using group psk is a
> thing, sadly.

But they aren't cross-domain, they can do EAP-foobar, and they could use a
certificate without a lot of hassle about what set of trust anchors.

If we stick to the site-to-site then I think we can do something rather
simple and quick, and our security considerations section will be much
simpler.

--
] Never tell me the odds! | ipv6 mesh networks [
] Michael Richardson, Sandelman Software Works | network architect [
] m...@sandelman.ca http://www.sandelman.ca/ | ruby on rails [
_______________________________________________
IPsec mailing list
IPsec@ietf.org
https://www.ietf.org/mailman/listinfo/ipsec