1073e9c74ab794d63854aec9e1c7b9194fc2151d
howto/IPsecWithPublicKeys.md
| ... | ... | @@ -12,7 +12,7 @@ |
| 12 | 12 | |
| 13 | 13 | ### Public keys are _better_ |
| 14 | 14 | * They can be transmitted over insecure channels without compromising security |
| 15 | -* No need to generate a new key for each connection (but you could if you wanted to); just send the same public key to each new peer |
|
| 15 | +* No need to generate a new key for each connection; just send the same public key to each new peer |
|
| 16 | 16 | * Most implementations generate keys using high quality random numbers by default; one must _try_ to generate an insecure key |
| 17 | 17 | * Dynamic peers can all have distinct public keys and still use IKE main mode |
| 18 | 18 | |
| ... | ... | @@ -53,4 +53,5 @@ https://github.com/ryanriske/pubkey-converter |
| 53 | 53 | |
| 54 | 54 | ### Notes |
| 55 | 55 | 1. Best practice is to generate the private key on the router itself, and not transfer it to another machine. This part should be kept secret! |
| 56 | -2. Some implementations support more than one key format. The examples here only show how to use one of them (usually PEM) for brevity. |
|
| ... | ... | \ No newline at end of file |
| 0 | +2. Generate a key of at least 2048 bits, preferably 4096 if both ends support it. |
|
| 1 | +3. Some implementations support more than one key format. The examples here only show how to use one of them (usually PEM) for brevity. |
|
| ... | ... | \ No newline at end of file |