Re: New XAUTH draft
Man in the middle attack?

The man in the middle has to be a member of the set authenticated by
the preshared key, right? Otherwise you can't mount that attack
because main mode doesn't let joe random user do a man in the middle
attack against it.

So now the question becomes: for applications where XAUTH would be
considered, can you partition the set of clients into subsets such
that the members of a particular subset are trusted not to be
interested in mounting man in the middle attacks for impersonating
other members of that same subset?

If yes, then each subset can share a preshared key. (If no, then and
only then is your argument against group shared keys valid for that
particular application.)

paul