RE: DH-CHAP

To: Black_David@emc.com
Subject: RE: DH-CHAP
From: "Julian Satran" <Julian_Satran@il.ibm.com>
Date: Fri, 12 Apr 2002 15:35:40 +0300
Cc: dthanos@karthika.com, hvenkatacharya@karthika.com, ifblake@comm.utoronto.ca, ips@ece.cmu.edu, kmurty@karthika.com, owner-ips@ece.cmu.edu, ywang@karthika.com
Content-Type: multipart/alternative; boundary="=_alternative 0045345AC2256B99_="
Sender: owner-ips@ece.cmu.edu

I think that we will have to decide if MIM and any other active attacks should be a major concern.

IMHO they are for (at least) the following reasons:

wireless is be coming important and MIM attacks are so much simpler in this are
bidirectional authentication is important as loading active content from an unauthenticated target is a major risk (imagine that you load a slightly modified OS from an impersonating target) and both target and initiator should be concerned about impersonators

DH-CHAP (or should I call it DB-CHAP?) used for bilateral authentication as 2 exchanges besides not "synchronizing" authentication is even more exposed to active attack than CHAP.

Julo

Home

Last updated: Fri Apr 12 12:18:20 2002
9631 messages in chronological order