RE: DH-CHAP

To: "Jonathan Stone" <jonathan@dsg.stanford.edu>
Subject: RE: DH-CHAP
From: "Yongge Wang" <ywang@karthika.com>
Date: Mon, 15 Apr 2002 14:41:01 -0400
Cc: <ips@ece.cmu.edu>
Content-Transfer-Encoding: 7bit
Content-Type: text/plain;charset="iso-8859-1"
Importance: Normal
In-Reply-To: <200204151824.g3FIOMP17962@Gregorio.Stanford.EDU>
Sender: owner-ips@ece.cmu.edu

>For typical network engineering, the answer is "no". In many
>environments, it's safe to assume that, while there may be cascades of
>Ethernet switches, there is only one leaf device per switch port.
>(Otherwise, you lose the benefits of full-duplex on the multi-drop
>segment.)

Thanks for this clarification.
Yongge

>For cryptographic purposes, it's moot: someone with physical access to
>the switch can put a port into monitor mode, snoop the traffic on the
>ethernet-switch-port in question, and forge MAC addresses to inject
>packets into that data stream.
>
>Consider the case where end-users control the iSCSI devices
>communicating via a switched ethernet, and the iSCSI end-user
>don't wish to trust the administrator of the Ethernet switch.

References:
- Re: DH-CHAP
  - From: Jonathan Stone <jonathan@dsg.stanford.edu>

Prev by Date: Re: DH-CHAP
Next by Date: iSCSI: DH-CHAP and impersonation
Prev by thread: Re: DH-CHAP
Next by thread: RE: DH-CHAP
Index(es):
- Date
- Thread

Home

Last updated: Mon Apr 15 15:18:22 2002
9679 messages in chronological order