
    RE: DH-CHAP



    >For typical network engineering, the answer is "no". In many
    >environments, it's safe to assume that, while there may be cascades of
    >Ethernet switches, there is only one leaf device per switch port.
    >(Otherwise, you lose the benefits of full-duplex on the multi-drop
    >segment.)
    
    Thanks for this clarification.
    Yongge
    
    >For cryptographic purposes, it's moot: someone with physical access to
    >the switch can put a port into monitor mode, snoop the traffic on the
    >ethernet-switch-port in question, and forge MAC addresses to inject
    >packets into that data stream.
    >
    >Consider the case where end-users control the iSCSI devices
    >communicating via a switched ethernet, and the iSCSI end-users
    >don't wish to trust the administrator of the Ethernet switch.
    

    • References:
      • Re: DH-CHAP
        • From: Jonathan Stone <jonathan@dsg.stanford.edu>



Last updated: Mon Apr 15 15:18:22 2002