
Re: A fix for main mode with preshared keys



On Mon, 13 Dec 1999 12:15:44 EST you wrote
> Hi all. Three comments.
> 
> As I see it, there are two problems:
> 
> 1) Lack of identity protection in MM w/ preshared-keys.

Oh gimme a break. The same IP address is going to be used for the IPSec
traffic so what sort of traffic analysis are you envisioning here?

And Main Mode is not the only exchange to use and pre-shared keys are not
the only authentication method to use. Any "problem" you have can be
solved using existing mechanisms. 

> 2) Authentication is not confirmed in this case (such that it's difficult to
> distinguish between a key mismatch and an implementation error).

It's not difficult to determine the problem if you know what you're doing. 

  Dan.


