
RE: ipsec error protocol



> If you don't remember the authenticated identity, sessions will be
> vulnerable to hijacking by a different principal at rekey time.

True, although they wouldn't know the keys for any previously created SAs,
so it wouldn't help them much.

Personally, I don't think the memory savings of dangling phase 2s are worth
the disadvantages.

Andrew
-------------------------------------------
Upon closer inspection, I saw that the line
dividing black from white was in fact a shade
of grey. As I drew nearer still, the grey area
grew larger. And then I was enlightened.


