1073e9c74ab794d63854aec9e1c7b9194fc2151d
howto/IPsecWithPublicKeys.md
... | ... | @@ -12,7 +12,7 @@ |
12 | 12 | |
13 | 13 | ### Public keys are _better_ |
14 | 14 | * They can be transmitted over insecure channels without compromising security |
15 | -* No need to generate a new key for each connection (but you could if you wanted to); just send the same public key to each new peer |
|
15 | +* No need to generate a new key for each connection; just send the same public key to each new peer |
|
16 | 16 | * Most implementations generate keys using high quality random numbers by default; one must _try_ to generate an insecure key |
17 | 17 | * Dynamic peers can all have distinct public keys and still use IKE main mode |
18 | 18 | |
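Review bot: the reworded line 15 ("just send the same public key to each new peer") is fine, but the bullet above it on line 14 still overstates what an insecure channel can carry: a public key needs no confidentiality, yet it does need integrity, since a peer that accepts a substituted key will authenticate the wrong party. Suggest qualifying it, e.g. "They can be transmitted over insecure channels without compromising security, as long as each peer verifies the key's fingerprint out of band before trusting it", so the simplification on line 15 does not read as "send it and you are done".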
... | ... | @@ -53,4 +53,5 @@ https://github.com/ryanriske/pubkey-converter |
53 | 53 | |
54 | 54 | ### Notes |
55 | 55 | 1. Best practice is to generate the private key on the router itself, and not transfer it to another machine. This part should be kept secret! |
56 | -2. Some implementations support more than one key format. The examples here only show how to use one of them (usually PEM) for brevity. |
|
... | ... | \ No newline at end of file |
0 | +2. Generate a key of at least 2048 bits, preferably 4096 if both ends support it. |
|
1 | +3. Some implementations support more than one key format. The examples here only show how to use one of them (usually PEM) for brevity. |
|
... | ... | \ No newline at end of file |
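Review bot: the new note 2 ("at least 2048 bits, preferably 4096") gives RSA-style sizing without naming the algorithm, which is misleading for readers whose implementation emits EC keys, where a 256-bit curve key is the normal, secure size and "4096 bits" is not a meaningful choice. Suggest "Generate an RSA key of at least 2048 bits, preferably 4096 if both ends support it; for elliptic-curve keys follow the curve's standard size instead." Also, both the old and new versions end with "\ No newline at end of file"; since this hunk already touches the last lines, it would be a good moment to add the trailing newline.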