howto/IPsec-with-PublicKeys.md
... ...
@@ -1,6 +1,7 @@
1 1
# IPsec with public key authentication
2 2
## Stop using pre-shared keys!
3 3
### Pre-shared keys suck, because _reasons_
4
+
4 5
* __The key must be kept secret__, which means it must be shared only over a secure channel e.g. PGP, face-to-face
5 6
* Most implementations will accept insecure (too short, too simple) keys
6 7
* The [insecure][1] [IKE][2] [aggressive mode][3] must be used to support distinct PSKs for multiple dynamic peers, or
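Review bot: The blank line added at new line 4 separates the `###` heading from the bullet list, but the three headings on lines 1 to 3 are still stacked directly on top of each other with no blank lines between them. If the aim is consistent rendering across Markdown parsers, add a blank line after the `#` and `##` headings in the same change so the whole header block follows one convention.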