reopen 578595 tags 578595 + wontfix thanks On Wed, 2010-04-21 at 09:58 +0200, Martin Willi wrote:
> PSK authentication is insecure if it is used with passwords. The NM > plugin is designed for end user remote-access, so people _will_ use weak > passwords. I won't implement PSK authentication in the NM plugin, this > is a political decision. That is a shame, I guess I have to implement it myself or find something else that does. openswan-nm looks like it might do that actually. I hope you don't mind, but I think this bug should stay open to document your (upstream) decision to not allow PSK support. I would suggest that password strength checking and notifications would address your concerns about people using weak passwords. > Please keep in mind that the NM plugin supports IKEv2 tunnels only. > IKEv2 is not widely deployed yet, are you sure your customer uses IKEv2? I did not know that. Apparently they use openswan 2.4, so no IKEv2. -- bye, pabs http://wiki.debian.org/PaulWise
signature.asc
Description: This is a digitally signed message part
