[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: ISAKMP DOI Question (General, Not IP Specific)



>  What worries me a little here (Steve Bellovin, help me out here anytime you
>  wish!  :) is that I can specify the actually security association of the
>  outbound traffic.

>  On a single-user system, this isn't so bad, but on a multi-user box with
>  malicious users, this could cause all sorts of chosen-plaintext problems.

It depends on your local policy.  I've never quite understood why
SPI's (as names standing for SA's) aren't under access control.  If
Alice creates it, why should Bob be allowed to use it?


Hilarie


Follow-Ups: References: