SORT BY:

LIST ORDER
THREAD
AUTHOR
SUBJECT


SEARCH

IPS HOME


    [Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

    RE: DH-CHAP



    Julian,
    
    > DH-CHAP (or should I call it DB-CHAP?)  used for bilateral authentication
    as 2
    > exchanges besides not "synchronizing" authentication is even more exposed
    to
    > active attack than CHAP.
    
    Call it "Oscar" if you like, I don't care ... :-).
    
    I don't understand either the 'not "synchronizing" authentication' or the
    "even more exposed to active attack than CHAP" comment.  For the latter
    comment, Section 6.3 of the draft explains how DH-CHAP protects against
    an active man-in-the-middle attack on a Responder that CHAP cannot prevent.
    Could you explain?
    
    Thanks,
    --David
    ---------------------------------------------------
    David L. Black, Senior Technologist
    EMC Corporation, 42 South St., Hopkinton, MA  01748
    +1 (508) 249-6449 *NEW*      FAX: +1 (508) 497-8500
    black_david@emc.com         Cell: +1 (978) 394-7754
    ---------------------------------------------------
    


Home

Last updated: Fri Apr 12 19:18:22 2002
9642 messages in chronological order