On Oct 4, 2012, at 6:33 PM, Behcet Sarikaya wrote: >> Pre-shared keys has the problem that they do not scale, and in most of >> the internet of things like setups you cannot really use pre-shared >> keys. Using raw public keys solves the scalability problem, but does >> not involve the certificate validation issues.
I hear this all the time and still it is wrong. The "magic" to scale a shared secrets-based authentication system is to move from a two party to a three party system. An example of a successfully deployed shared secret based authentication infrastructure can be found with the cellular communication infrastructure. In context of this document this means that you have to use IKEv2 with EAP and combine it with the AAA infrastructure. Isn't it easy? _______________________________________________ Lwip mailing list [email protected] https://www.ietf.org/mailman/listinfo/lwip
