
Re: Comments on CRACK





Dan Harkins wrote:
> 
> On Tue, 26 Oct 1999 14:36:14 EDT you wrote
>   "If mutual authentication is not required, then the phase 1
>    negotiation MAY use an authentication method of shared-secret and
>    have that shared-secret be null."
> 
> Which is just insane! You're saying that people can do an unauthenticated

Yikes!  You got me on that one.  We'll take that one out ASAP.  Looking
over the draft, I think that stronger security language is required. 
Even to the point of stating that "group shared secrets SHOULD NOT be
used with this protocol".  Would that make everyone happy?

