|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] RE: DH-CHAPJulian, > DH-CHAP (or should I call it DB-CHAP?) used for bilateral authentication as 2 > exchanges besides not "synchronizing" authentication is even more exposed to > active attack than CHAP. Call it "Oscar" if you like, I don't care ... :-). I don't understand either the 'not "synchronizing" authentication' or the "even more exposed to active attack than CHAP" comment. For the latter comment, Section 6.3 of the draft explains how DH-CHAP protects against an active man-in-the-middle attack on a Responder that CHAP cannot prevent. Could you explain? Thanks, --David --------------------------------------------------- David L. Black, Senior Technologist EMC Corporation, 42 South St., Hopkinton, MA 01748 +1 (508) 249-6449 *NEW* FAX: +1 (508) 497-8500 black_david@emc.com Cell: +1 (978) 394-7754 ---------------------------------------------------
Home Last updated: Fri Apr 12 19:18:22 2002 9642 messages in chronological order |