|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] RE: DH-CHAP>For typical network engineering, the answer is "no". In many >environments, it's safe to assume that, while there may be cascades of >Ethernet switches, there is only one leaf device per switch port. >(Otherwise, you lose the benefits of full-duplex on the multi-drop >segment.) Thanks for this clarification. Yongge >For cryptographic purposes, it's moot: someone with physical access to >the switch can put a port into monitor mode, snoop the traffic on the >ethernet-switch-port in question, and forge MAC addresses to inject >packets into that data stream. > >Consider the case where end-users control the iSCSI devices >communicating via a switched ethernet, and the iSCSI end-user >don't wish to trust the administrator of the Ethernet switch.
Home Last updated: Mon Apr 15 15:18:22 2002 9679 messages in chronological order |