expiration, generation, management of pre-shared keys
Christopher Gripp
cgripp at AXCELERANT.COM
Mon Apr 30 13:13:20 EDT 2001
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
I would expire the preshared keys every 30 days. Make sure you use a
good bit length, something more than the standard 8 character
password. As for number of sites, assuming it is a fully meshed VPN
and that most techies don't like keeping an Excel spreadsheet full of
their security information, I would say 10. Each key should be
different for each site's SA.
My question is why not use digital certs?!?
Christopher S. Gripp
Systems Engineer
Axcelerant
Connecting Everyone In Your Business World
Visit us @ http://www.axcelerant.com
- -----Original Message-----
From: Slaby, James [mailto:JSlaby at GIGAWEB.COM]
Sent: Sunday, April 29, 2001 1:02 PM
To: VPN at SECURITYFOCUS.COM
Subject: expiration, generation, management of pre-shared keys
I'm considering using pre-shared keys (instead of digital certificates)
to authenticate remote site gateways in my site-to-site Internet VPN.
Is there a best practice for how often such pre-shared keys should be
expired?
Assuming I have distributed my original pre-shared keys securely (e.g.,
on CD-ROM via bonded courier), can I generate new keys from expired
ones? What methods are commonly used to do so?
At what number of remote sites does the management of pre-shared keys
become such a burden that digital certificates become preferable?
Thanks,
Jim Slaby
Senior Industry Analyst
Giga Information Group
+1 617 577 4767
jslaby at gigaweb.com
VPN is sponsored by SecurityFocus.COM
-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 6.5.8 for non-commercial use <http://www.pgp.com>
iQA/AwUBOu2cbWLRPLnfp/zREQIyaQCfXIQq1uGb2pdNjwKdl19qHBvJ3pQAnRN0
Kfnz0Eg/KB00/SStqwH777JC
=ZpdQ
-----END PGP SIGNATURE-----
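
The bookkeeping the reply above describes for a fully meshed VPN (a different key for each pair of sites, expired every 30 days), as an added example that is not part of the original messages. The site names, the 256-bit key size and the choice to replace an expired key with fresh random data instead of deriving it from the old key are assumptions of this example.

```python
import secrets
from datetime import date, timedelta
from itertools import combinations

ROTATION_DAYS = 30  # expiry interval suggested in the reply
KEY_BYTES = 32      # assumption: 256 bits from the OS CSPRNG


def mesh_pairs(sites):
    """Every unordered gateway pair in a full mesh: n*(n-1)/2 tunnels."""
    return list(combinations(sorted(sites), 2))


def issue_keys(sites, issued):
    """One independent random PSK per site pair, stamped with its expiry."""
    expires = issued + timedelta(days=ROTATION_DAYS)
    return {pair: {"psk": secrets.token_hex(KEY_BYTES), "expires": expires}
            for pair in mesh_pairs(sites)}


def rotate_expired(table, today):
    """Replace every expired PSK with new random data.

    The new key is not derived from the old one, so a disclosed old key
    reveals nothing about its replacement.
    """
    rotated = []
    for pair, entry in table.items():
        if today >= entry["expires"]:
            entry["psk"] = secrets.token_hex(KEY_BYTES)
            entry["expires"] = today + timedelta(days=ROTATION_DAYS)
            rotated.append(pair)
    return rotated


def keys_held_by(table, site):
    """Pairs whose PSK a single gateway has to store (n-1 in a full mesh)."""
    return [pair for pair in table if site in pair]


if __name__ == "__main__":
    sites = [f"site{n:02d}" for n in range(1, 11)]  # constructed names
    table = issue_keys(sites, date(2001, 4, 30))
    print(len(table), "keys in total for", len(sites), "sites")
    print(len(keys_held_by(table, "site01")), "keys stored on each gateway")
    due = rotate_expired(table, date(2001, 5, 30))
    print(len(due), "keys replaced at the 30-day mark")
```
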