On Thu, 19 Aug 2004, Kirk Lane wrote:
> Hey everyone - part 2 is up!
I note the "to do" staement:
"Of these host/network grouping, secondary WAN interfaces and backup
links, and Certificate Authentication for IPSec VPNs will be the major
It should be noted that supporting RSA keys for IPsec even *without* PKI
certificates would be useful (and considerably simpler), since it's not
only a somewhat more secure keying arrangement, but it also eliminates the
identifier restriction with Main Mode.
BTW, anyone using MD5 instead of SHA might want to take note that MD5 has
A reduced-round version of SHA-1 has also been broken, but not the full
version normally used.