Re: FCIP and iFCP Keying Problem
Clarification: I realize that in the (main mode, pre-shared key) variant the endpoints' identities can only be IP addresses due to a chicken-and-egg problem (and rfc2409 confirms this). I also realize that this variant is useless in the presence of DHCP-assigned IP addresses (which is not our case, as we only work with static IP addresses). A DH is obviously vulnerable to a MIM attack, but a DH + pre-shared key intuitively shouldn't be. And I don't think we worry about identities being revealed. What am I missing? (rfc2409 has single-handedly neutralized the few brain cells that I have left).

-franco

Advanced Technology Investments
Nortel Networks, Inc.
600 Technology Park
Billerica, MA 01821 USA
Tel: 978 288 7708
Fax: 978 288 4690
email: travos@nortelnetworks.com
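
The chicken-and-egg constraint mentioned in the message, as an added example that is not part of the original post: in RFC 2409 main mode with pre-shared keys, the key that encrypts message 5 (which carries the initiator's identity) is itself derived from the pre-shared key, so the responder has to choose the key from the source address alone. HMAC-SHA1 as the prf, the keystream stand-in for the negotiated cipher, the simplified HASH_I, and all addresses, keys and exchange values are assumptions constructed for illustration.

```python
import hashlib
import hmac

def prf(key, data):
    # Assumption: HMAC-SHA1 is the negotiated prf.
    return hmac.new(key, data, hashlib.sha1).digest()

def derive(psk, ni, nr, gxy, cky_i, cky_r):
    # RFC 2409 section 5: SKEYID for pre-shared keys, then SKEYID_d/_a/_e.
    skeyid = prf(psk, ni + nr)
    tail = gxy + cky_i + cky_r
    d = prf(skeyid, tail + b"\x00")
    a = prf(skeyid, d + tail + b"\x01")
    return skeyid, prf(skeyid, a + tail + b"\x02")

def toy_cipher(key, data):
    # Stand-in keystream for the negotiated cipher; not IKE's real encryption.
    stream = b"".join(prf(key, bytes([i])) for i in range(len(data) // 20 + 1))
    return bytes(x ^ y for x, y in zip(data, stream))

def initiator_msg5(psk, idii, *exch):
    skeyid, skeyid_e = derive(psk, *exch)
    # Simplified HASH_I: the real one also covers g^xi, g^xr, cookies and SAi_b.
    return toy_cipher(skeyid_e, idii + prf(skeyid, idii))

# Constructed table: before message 5 is decrypted, the source address is
# the only thing the responder can use to choose a key.
PSK_BY_SOURCE_IP = {"192.0.2.10": b"constructed-psk-A",
                    "192.0.2.20": b"constructed-psk-B"}

def responder_msg5(src_ip, msg5, *exch):
    psk = PSK_BY_SOURCE_IP.get(src_ip)
    if psk is None:
        return None
    skeyid, skeyid_e = derive(psk, *exch)
    plain = toy_cipher(skeyid_e, msg5)
    idii, tag = plain[:-20], plain[-20:]
    ok = hmac.compare_digest(tag, prf(skeyid, idii))
    return idii if ok else None

# Constructed exchange values: Ni, Nr, g^xy, CKY-I, CKY-R.
EXCH = (b"N" * 16, b"R" * 16, b"G" * 128, b"I" * 8, b"C" * 8)

def demo():
    msg5 = initiator_msg5(b"constructed-psk-A", b"192.0.2.10", *EXCH)
    return (responder_msg5("192.0.2.10", msg5, *EXCH),    # static address: ID recovered
            responder_msg5("192.0.2.20", msg5, *EXCH),    # address maps to another key
            responder_msg5("198.51.100.7", msg5, *EXCH))  # unknown (e.g. DHCP) address

if __name__ == "__main__":
    print(demo())
```

The second and third cases fail before the responder ever sees the identity payload, which is why a peer whose address changes cannot be matched to its key in this variant.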
Last updated: Fri Sep 07 19:17:10 2001