[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: Comments on CRACK

To: Moshe Litvin <moshe@checkpoint.com>, Stephane Beaulieu <sbeaulieu@TimeStep.com>
Subject: RE: Comments on CRACK
From: Stephane Beaulieu <sbeaulieu@TimeStep.com>
Date: Tue, 26 Oct 1999 12:59:56 -0400
Cc: Dan Harkins <dharkins@network-alchemy.com>, ipsec@lists.tislabs.com, ietf-ipsra@vpnc.org
Sender: owner-ipsec@lists.tislabs.com

Perhaps, although some have argued that this would be redundant.  Admins
would have to maintain 2 databases (SS+RADIUS).  

If we do feel that adding this restriction adds security, then shouldn't IKE
do the same?

Stephane.

> -----Original Message-----
> From: Moshe Litvin [mailto:moshe@checkpoint.com]
> Sent: Tuesday, October 26, 1999 12:36 PM
> To: Stephane Beaulieu
> Cc: Dan Harkins; ipsec@lists.tislabs.com; ietf-ipsra@vpnc.org
> Subject: Re: Comments on CRACK
> 
> 
> Stephane Beaulieu wrote:
> 
> <snip>
> 
> >   However, I would like to hear everyone else's
> > opinion on this.  Should the use of pre-shared keys be 
> restricted in XAUTH
> > (or whatever other protocol) because it encourages the use of weak
> > pre-shared keys?
> >
> > If there is concensus, pre-shared keys can be removed from 
> XAUTH.  I don't
> > think that we have concensus at this point.
> 
> Maybe we can reach a consensus by forbidding group pre-shared keys?
> 
> Moshe
>

Follow-Ups:

RE: Comments on CRACK

From: Jan Vilhuber <vilhuber@cisco.com>

Prev by Date: RE: Comments on CRACK
Next by Date: Re: Comments on CRACK
Prev by thread: Re: Comments on CRACK
Next by thread: RE: Comments on CRACK
Index(es):
- Main
- Thread