
Re: Perfect forward SECURITY (uni- vs bi-directional impersonation)




Ashar says:

> I disagree. In virtually any circumstance that IPSP is likely to be
> used in, E having A's long term authentication key will mean that
> to the network E *is* A, and therefore E can access any information
> that A can access.

But E cannot impersonate B!! For example, if A is a file server, E cannot
continue reading/modifying B's files!!

If E has A's keys it would be able to impersonate A, by definition. What we
want is to prevent any FURTHER damage, e.g. to B. (There are more interesting
applications where the impersonation of B could prevent recovery of
security after the break-in into A.)

Of course, the fact that neither my fix nor the signatures as Hugo explained
apply to non-interactive SKIP is not terrible. But, when this feature is easy
to obtain, why not?

Best, Amir


