Re: IKE
At 02:00 PM 5/10/00 -0500, you wrote:
Hi,
I have some questions on IKE.
Actually I was wondering if in the Main Mode, protection against man in the middle attacks is provided.
The countermeasure to a MIM attack is to authenticate the peer (and of course mutually).
The third pair of messages will take care of this.
Since the first messages are sent in clear mode and without any authentication, can't a Bad Guy modify for example the SA payload? That can bring to a denial of service.
The countermeasure to DOS is demanding that the attacker consume an equal or larger amount of resources than the attacked.
The DH key exchange in IKE requires the peers to consume resources equally (if the implementation is correct).
So if it is the case, is there a way to protect against man in the middle attacks?
It is the issue of "talk first" or "authentication first".
The main mode's first and second pairs of messages are "talk first" - to establish a secured comm. channel between two peers.
The third pair of messages is for authentication.
We may ask why it is done this way???? :-)
Thanking you in advance for your help.
Franck LE
--- David
References:
- IKE
- From: Franck.Le@nokia.com
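
The reply's point that the third pair of messages handles authentication, as an added example that is not part of the original thread: in RFC 2409 main mode with a pre-shared key, the initiator's HASH_I is computed over the SA payload bytes from message 1, so the responder's check fails if the SA it received differs from the one sent. The key, identity, payload bytes and random stand-ins for the DH public values are constructed, HMAC-SHA1 as the prf is an assumption, and the encryption of the third pair is left out.

```python
import hashlib
import hmac
import os


def prf(key: bytes, data: bytes) -> bytes:
    # Assumption: the negotiated hash is SHA-1, used in its HMAC form as the prf.
    return hmac.new(key, data, hashlib.sha1).digest()


def skeyid_psk(psk: bytes, ni_b: bytes, nr_b: bytes) -> bytes:
    # RFC 2409, pre-shared key authentication: SKEYID = prf(psk, Ni_b | Nr_b)
    return prf(psk, ni_b + nr_b)


def hash_i(skeyid, g_xi, g_xr, cky_i, cky_r, sai_b, idii_b) -> bytes:
    # RFC 2409: HASH_I = prf(SKEYID, g^xi | g^xr | CKY-I | CKY-R | SAi_b | IDii_b)
    return prf(skeyid, g_xi + g_xr + cky_i + cky_r + sai_b + idii_b)


def responder_accepts(sa_modified_in_transit: bool) -> bool:
    """Model messages 1-5 of main mode and return the responder's verdict."""
    psk = b"constructed-pre-shared-key"            # constructed sample value
    idii_b = b"initiator.example"                  # constructed identity body
    cky_i, cky_r = os.urandom(8), os.urandom(8)    # cookies
    ni_b, nr_b = os.urandom(16), os.urandom(16)    # nonces (second pair)
    g_xi, g_xr = os.urandom(128), os.urandom(128)  # stand-ins for DH publics

    # Message 1 travels in the clear: what the responder sees may differ.
    sa_sent = b"constructed SA payload: proposal A, proposal B"
    sa_seen = b"constructed SA payload: proposal B" if sa_modified_in_transit else sa_sent

    skeyid = skeyid_psk(psk, ni_b, nr_b)

    # Message 5: the initiator authenticates over the SA bytes it actually sent.
    received = hash_i(skeyid, g_xi, g_xr, cky_i, cky_r, sa_sent, idii_b)
    # The responder recomputes over the SA bytes it actually received.
    expected = hash_i(skeyid, g_xi, g_xr, cky_i, cky_r, sa_seen, idii_b)
    return hmac.compare_digest(received, expected)


if __name__ == "__main__":
    print("unmodified SA accepted:", responder_accepts(False))
    print("modified SA accepted:  ", responder_accepts(True))
```
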