
RE: Comments on CRACK



Scott,

> 
> Really, Roy - you surprise me sometimes. You know the answer to this as
> well as anyone, but I'll spell it out for expediency. It's different due
> to context - xauth is specifically for remote access. Remote access
> users typically do not have fixed IP addresses, so we have no way to
> identify the preshared key in main mode. Hence, all remote access users
> with preshared keys are often configured to use the same key. This is
> bad.

This is a case of Main Mode not dealing with remote users and pre-shared
keys very well.

This can be fixed by using Base Mode (published by Radguard).

This is one of the really nice things about XAUTH as it is today.  It can be
used with MM, AM, Base Mode, Hybrid... depending on what exactly it is
you're trying to achieve.


Regards,
Stephane.
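
Added example (not part of the original message, and not code from any IKE implementation): a Python sketch of why Main Mode with pre-shared keys pushes remote users onto one shared key, while a mode that carries the identity in the clear lets the responder pick a per-user key. The key derivation follows RFC 2409 section 5; HMAC-SHA1 as the prf, the XOR stand-in cipher, and every key, address and identity are constructed assumptions.

```python
import hmac
import hashlib

def prf(key, data):
    # The prf is negotiated in IKE; HMAC-SHA1 is assumed for this sketch.
    return hmac.new(key, data, hashlib.sha1).digest()

def skeyid_e(psk, ni, nr, gxy, cky_i, cky_r):
    # RFC 2409 section 5, pre-shared key authentication.
    skeyid = prf(psk, ni + nr)
    tail = gxy + cky_i + cky_r
    d = prf(skeyid, tail + b"\x00")
    a = prf(skeyid, d + tail + b"\x01")
    return prf(skeyid, a + tail + b"\x02")

def xor_cipher(key, data):
    # Stand-in for the negotiated cipher (not real IKE encryption); max 20 bytes.
    stream = prf(key, b"keystream")
    return bytes(x ^ y for x, y in zip(data, stream))

# Constructed responder configuration and exchange values.
PSK_BY_IP = {"192.0.2.10": b"branch-office-secret"}
PSK_BY_ID = {b"alice@example.org": b"alice-secret"}
GROUP_PSK = b"one-key-for-all-remote-users"
EXCH = dict(ni=b"N_i" * 4, nr=b"N_r" * 4, gxy=b"\x42" * 16,
            cky_i=b"I" * 8, cky_r=b"R" * 8)

def initiator_msg5(psk, identity):
    # Main mode message 5: the ID payload travels encrypted under SKEYID_e.
    return xor_cipher(skeyid_e(psk, **EXCH), identity)

def responder_main_mode(src_ip, msg5):
    # Only the source address is known when the key has to be chosen.
    psk = PSK_BY_IP.get(src_ip, GROUP_PSK)
    return xor_cipher(skeyid_e(psk, **EXCH), msg5)

def responder_cleartext_id(identity):
    # Aggressive mode: the ID arrives unencrypted in message 1 and selects the key.
    return PSK_BY_ID.get(identity)
```
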