Re: New XAUTH draft
>>>>> "Tamir" == Tamir Zegman <zegman@checkpoint.com> writes:
Tamir> Actually I think I can give you such an attack. Assume that Paul
Tamir> and Daniel have the same shared key to connect to Security Gateway
Tamir> (SG). Daniel can mount a simple man in the middle attack - When
Tamir> Paul tries to connect to SG, Daniel spoofs the SG and
No need for IPsec to do this attack.
This attack was demonstrated years ago on multiple token authentication
systems used to "secure" telnet connections. This attack is inherent in
token authentication systems that authenticate only the client to the
server, and not the server to the client.
There are challenge/response systems (some can involve tokens) that do
not have this property that XAUTH could mediate.
Dan, I have a question (even though I've been trying hard to delete every
message that says "XAUTH" or "Hybrid" in it), do *you* prefer hybrid to XAUTH?
] Train travel features AC outlets with no take-off restrictions| firewalls [
] Michael Richardson, Sandelman Software Works, Ottawa, ON |net architect[
] mcr@sandelman.ottawa.on.ca http://www.sandelman.ottawa.on.ca/ |device driver[
] panic("Just another NetBSD/notebook using, kernel hacking, security guy"); [
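
An added example (not part of the original message): a sketch contrasting a client-only token code with a mutual challenge/response whose proofs are bound to the channel, so a peer that lacks the key, or that sits on a different channel than the client, fails the client's check before the client sends anything. The `Gateway` class, the `proof` layout, the channel labels and the key are assumptions made for illustration, not XAUTH or any real protocol's messages.

```python
import hashlib
import hmac
import secrets

def proof(key, role, channel, c_nonce, s_nonce):
    """MAC over role, channel hash and both nonces (all fixed length)."""
    msg = role + hashlib.sha256(channel).digest() + c_nonce + s_nonce
    return hmac.new(key, msg, hashlib.sha256).digest()

def token_code(key, counter):
    """One-way token: depends only on the key and a counter."""
    mac = hmac.new(key, counter.to_bytes(8, "big"), hashlib.sha256)
    return mac.hexdigest()[:8]

class Gateway:
    """Hypothetical gateway; `channel` is its own view of the transport."""
    def __init__(self, key, channel):
        self.key, self.channel, self.counter = key, channel, 0

    def accept_token(self, code):
        # Client-only authentication: nothing ties the code to a channel,
        # and the client never learns whether its peer holds the key.
        ok = hmac.compare_digest(code, token_code(self.key, self.counter))
        self.counter += ok
        return ok

    def challenge(self, c_nonce):
        self.c_nonce, self.s_nonce = c_nonce, secrets.token_bytes(16)
        return self.s_nonce, proof(self.key, b"S", self.channel,
                                   c_nonce, self.s_nonce)

    def accept_proof(self, client_proof):
        want = proof(self.key, b"C", self.channel, self.c_nonce, self.s_nonce)
        return hmac.compare_digest(client_proof, want)

def mutual_login(key, channel, gateway):
    """Client side: verify the gateway first, then prove ourselves."""
    c_nonce = secrets.token_bytes(16)
    s_nonce, server_proof = gateway.challenge(c_nonce)
    want = proof(key, b"S", channel, c_nonce, s_nonce)
    if not hmac.compare_digest(server_proof, want):
        return False  # peer did not prove the key on this channel: send nothing
    return gateway.accept_proof(proof(key, b"C", channel, c_nonce, s_nonce))

KEY = b"constructed-per-user-secret"  # constructed sample value
```

In a real deployment the channel value would be something both ends derive from the underlying key exchange; here it is a constructed label.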