Re: CRACK
Waters, Stephen writes:
> Hi Dan,
>
> Looks good.
>
> Where did CRACK come from? A dubious name in a security protocol.
>
> Can the client's private/public key be unique for each connection?
Sure. But that would require an implementation+policy that would generate
a separate IKE SA for each connection. If you connect frequently, I'm not
sure you would want that.
>
> For the case where the legacy authentication is something a typical client
> could deal with (password or chap-thing), should this support symmetric
> trust of the public keys used - e.g. the client trusts the gateway based on
> the client holding legacy authentication information for the server?
If the legacy authentication method is a password, IKE already supports
this (pre-shared key). Also, these legacy authentication methods frequently
only authenticate the client. What applications are you thinking of?
>
>
> Steve.
brian
briank@network-alchemy.com