
Re: xauth requirements: vulnerabilities



Hi Dan,

Dan Harkins wrote:

>   Stephane,
>
>   Your description of XAUTH is very disingenuous.
>
>   Since the whole point of someone using XAUTH is because they do not
> want to deploy a PKI let's dismiss forever the notion that the IKE SA can
> be authenticated with a certificate and the two parties can proceed to
> XAUTH. You even admit this. It's for people who "can't (and won't) deploy
> a PKI". So that means you're stuck with pre-shared keys to authenticate
> the IKE SA.
>

Then why don't you use Hybrid?
Yes, you need a PKI, but only a small scale PKI.




