expiration, generation, management of pre-shared keys
Slaby, James
JSlaby at GIGAWEB.COM
Sun Apr 29 16:02:06 EDT 2001
I'm considering using pre-shared keys (instead of digital certificates) to
authenticate remote site gateways in my site-to-site Internet VPN. Is there
a best practice for how often such pre-shared keys should be expired?
Assuming I have distributed my original pre-shared keys securely (e.g., on
CD-ROM via bonded courier), can I generate new keys from expired ones? What
methods are commonly used to do so?
At what number of remote sites does the management of pre-shared keys become
such a burden that digital certificates become preferable?
Thanks,
Jim Slaby
Senior Industry Analyst
Giga Information Group
+1 617 577 4767
jslaby at gigaweb.com
VPN is sponsored by SecurityFocus.COM
More information about the VPN
mailing list