[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: New XAUTH draft

To: Stephane Beaulieu <sbeaulieu@TimeStep.com>
Subject: Re: New XAUTH draft
From: "Scott G. Kelly" <skelly@redcreek.com>
Date: Thu, 20 May 1999 10:28:25 -0700
CC: Tim Jenkins <tjenkins@TimeStep.com>, ipsec@lists.tislabs.com, ipsra <ietf-ipsra@vpnc.org>
Organization: RedCreek Communications
References: <319A1C5F94C8D11192DE00805FBBADDFA97178@exchange>
Sender: owner-ipsec@lists.tislabs.com

Stephane Beaulieu wrote:

> > Perhaps more importantly, I was also referring to the stability,
> > analyzability, and other security-related properties of IKE. I think
> > adding proxy servers for even 1 (let alone 16) secondary
> > authentication
> > protocols substantially impacts upon the security
> > characteristics of the
> > implementation.
> 
> As does setting up X SAs for each remote user.
> 

I'm missing the point again, I think. What is it about setting up
multiple SAs (2 in this case) which is insecure, and how is this
different than rekeying?

Scott

References:

RE: New XAUTH draft

From: Stephane Beaulieu <sbeaulieu@TimeStep.com>

Prev by Date: RE: New XAUTH draft
Next by Date: RE: New XAUTH draft
Prev by thread: RE: New XAUTH draft
Next by thread: RE: New XAUTH draft
Index(es):
- Main
- Thread