[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Weak Crypto in Phase 1

To: Rodney Thayer <rodney@ssh.fi>
Subject: Re: Weak Crypto in Phase 1
From: Tamir Zegman <zegman@checkpoint.com>
Date: Wed, 19 May 1999 17:39:03 +0300
CC: ipsec@lists.tislabs.com
Organization: Check Point
References: <Pine.OSF.4.05.9905191546570.24650-100000@torni.ssh.fi>
Sender: owner-ipsec@lists.tislabs.com

Rodney Thayer wrote:

> I have seen this before, originally thought it was essentially because
> people didn't think it mattered, or in fact hadn't thought about it
> or, their IKE parameters were hard-coded.
>
> In Minneapolis, I had a partial conversation with Hillarie (sp?) regarding
> this and I got the impression that the nature of the Phase 1 as opposed to
> Phase 2 exchanges might be constructed such that the crypto strength
> mismatch might not be a problem.
>

Of course if you use PFS in Phase 2 then you are better protected, but I
wouldn't rely too much on that.

begin:vcard 
n:Zegman;Tamir
tel;fax:+972-3-5759256
tel;work:+972-3-7534606
x-mozilla-html:TRUE
url:www.checkpoint.com
org:Check Point Software Technologies Ltd.;Encryption group
adr:;;3A Jabotinsky St., Diamond Tower;Ramat-Gan;;52520;ISRAEL
version:2.1
email;internet:zegman@checkpoint.com
title:Software engineer
fn:Tamir Zegman
end:vcard

References:

Re: Weak Crypto in Phase 1

From: Rodney Thayer <rodney@ssh.fi>

Prev by Date: RE: New XAUTH draft
Next by Date: Re: Weak Crypto in Phase 1
Prev by thread: Re: Weak Crypto in Phase 1
Next by thread: Re: Weak Crypto in Phase 1
Index(es):
- Main
- Thread